CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

References

Affected packages

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type

GIT

Repo

https://github.com/lighttpd/lighttpd1.4

Events

Introduced

f07bcb145cbe2cfab8eccedb2a5c2dca7e728011

Last affected

0340dc943c2bd3c475ad6491a0d1cf3e87a2b51c

Database specific

{
    "versions": [
        {
            "introduced": "1.4.46"
        },
        {
            "last_affected": "1.4.63"
        }
    ]
}

Affected versions

lighttpd-1.*

lighttpd-1.4.46

lighttpd-1.4.47

lighttpd-1.4.48

lighttpd-1.4.49

lighttpd-1.4.50

lighttpd-1.4.51

lighttpd-1.4.52

lighttpd-1.4.53

lighttpd-1.4.54

lighttpd-1.4.55

lighttpd-1.4.56

lighttpd-1.4.56-rc1

lighttpd-1.4.56-rc2

lighttpd-1.4.56-rc3

lighttpd-1.4.56-rc4

lighttpd-1.4.56-rc5

lighttpd-1.4.56-rc6

lighttpd-1.4.56-rc7

lighttpd-1.4.57

lighttpd-1.4.58

lighttpd-1.4.59

lighttpd-1.4.60

lighttpd-1.4.61

lighttpd-1.4.62

lighttpd-1.4.63

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22707.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]