CVE-2022-37797

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-37797

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37797.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-37797

Related

Published

2022-09-12T15:15:08Z

Modified

2024-09-18T03:21:18.040603Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.

References

Affected packages

Debian:11 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.59-1+deb11u2

Affected versions

1.*

1.4.59-1

1.4.59-1+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.66-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.66-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type: GIT
Repo: https://github.com/lighttpd/lighttpd1.4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

388aad082c5e45575e7d1f866e6fe7acf562e45e

Affected versions

lighttpd-1.*

lighttpd-1.3.11

lighttpd-1.3.12

lighttpd-1.3.13

lighttpd-1.3.14

lighttpd-1.3.15

lighttpd-1.3.16

lighttpd-1.4.1

lighttpd-1.4.2

lighttpd-1.4.25

lighttpd-1.4.26

lighttpd-1.4.27

lighttpd-1.4.28

lighttpd-1.4.29

lighttpd-1.4.3

lighttpd-1.4.30

lighttpd-1.4.31

lighttpd-1.4.32

lighttpd-1.4.33

lighttpd-1.4.34

lighttpd-1.4.35

lighttpd-1.4.36

lighttpd-1.4.36--rc1

lighttpd-1.4.37

lighttpd-1.4.38

lighttpd-1.4.39

lighttpd-1.4.4

lighttpd-1.4.40

lighttpd-1.4.41

lighttpd-1.4.42

lighttpd-1.4.43

lighttpd-1.4.44

lighttpd-1.4.45

lighttpd-1.4.46

lighttpd-1.4.47

lighttpd-1.4.48

lighttpd-1.4.49

lighttpd-1.4.5

lighttpd-1.4.50

lighttpd-1.4.51

lighttpd-1.4.52

lighttpd-1.4.53

lighttpd-1.4.54

lighttpd-1.4.55

lighttpd-1.4.56

lighttpd-1.4.56-rc1

lighttpd-1.4.56-rc2

lighttpd-1.4.56-rc3

lighttpd-1.4.56-rc4

lighttpd-1.4.56-rc5

lighttpd-1.4.56-rc6

lighttpd-1.4.56-rc7

lighttpd-1.4.57

lighttpd-1.4.58

lighttpd-1.4.59

lighttpd-1.4.6

lighttpd-1.4.60

lighttpd-1.4.61

lighttpd-1.4.62

lighttpd-1.4.63

lighttpd-1.4.64

lighttpd-1.4.65

lighttpd-1.4.7