CVE-2022-37797

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-37797
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37797.json
Related
Published
2022-09-12T15:15:08Z
Modified
2023-11-29T09:48:53.588019Z
Details

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. This leads to a null pointer dereference, which crashes the server. An external attacker could use this to cause a denial-of-service condition.

References

Affected packages

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type
GIT
Repo
https://github.com/lighttpd/lighttpd1.4
Events
Introduced
0 (the exact introduced commit is unknown)
Last affected

Affected versions

lighttpd-1.*

lighttpd-1.3.11
lighttpd-1.3.12
lighttpd-1.3.13
lighttpd-1.3.14
lighttpd-1.3.15
lighttpd-1.3.16
lighttpd-1.4.1
lighttpd-1.4.2
lighttpd-1.4.25
lighttpd-1.4.26
lighttpd-1.4.27
lighttpd-1.4.28
lighttpd-1.4.29
lighttpd-1.4.3
lighttpd-1.4.30
lighttpd-1.4.31
lighttpd-1.4.32
lighttpd-1.4.33
lighttpd-1.4.34
lighttpd-1.4.35
lighttpd-1.4.36
lighttpd-1.4.36--rc1
lighttpd-1.4.37
lighttpd-1.4.38
lighttpd-1.4.39
lighttpd-1.4.4
lighttpd-1.4.40
lighttpd-1.4.41
lighttpd-1.4.42
lighttpd-1.4.43
lighttpd-1.4.44
lighttpd-1.4.45
lighttpd-1.4.46
lighttpd-1.4.47
lighttpd-1.4.48
lighttpd-1.4.49
lighttpd-1.4.5
lighttpd-1.4.50
lighttpd-1.4.51
lighttpd-1.4.52
lighttpd-1.4.53
lighttpd-1.4.54
lighttpd-1.4.55
lighttpd-1.4.56
lighttpd-1.4.56-rc1
lighttpd-1.4.56-rc2
lighttpd-1.4.56-rc3
lighttpd-1.4.56-rc4
lighttpd-1.4.56-rc5
lighttpd-1.4.56-rc6
lighttpd-1.4.56-rc7
lighttpd-1.4.57
lighttpd-1.4.58
lighttpd-1.4.59
lighttpd-1.4.6
lighttpd-1.4.60
lighttpd-1.4.61
lighttpd-1.4.62
lighttpd-1.4.63
lighttpd-1.4.64
lighttpd-1.4.65
lighttpd-1.4.7