CVE-2022-41556

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41556

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41556.json

Related

Published

2022-10-06T18:17:03Z

Modified

2023-11-29T09:51:31.178717Z

Details

A resource leak in gwbackend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of modfastcgi is, for example, affected. This is fixed in 1.4.67.

References

Affected packages

Alpine:v3.15 / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.67-r0

Affected versions

1.*

1.4.20-r1

1.4.20-r2

1.4.22-r0

1.4.23-r0

1.4.23-r1

1.4.23-r2

1.4.24-r0

1.4.25-r0

1.4.25-r1

1.4.25-r2

1.4.26-r0

1.4.26-r1

1.4.26-r2

1.4.26-r3

1.4.26-r4

1.4.26-r5

1.4.27-r0

1.4.28-r0

1.4.28-r3

1.4.28-r4

1.4.28-r5

1.4.28-r6

1.4.28-r7

1.4.29-r0

1.4.29-r1

1.4.29-r2

1.4.30-r0

1.4.30-r1

1.4.30-r2

1.4.30-r3

1.4.31-r0

1.4.32-r0

1.4.32-r1

1.4.33-r1

1.4.33-r2

1.4.33-r3

1.4.34-r0

1.4.34-r1

1.4.35-r0

1.4.35-r1

1.4.35-r2

1.4.35-r3

1.4.35-r4

1.4.36-r0

1.4.37-r0

1.4.38-r0

1.4.39-r0

1.4.39-r1

1.4.39-r2

1.4.39-r3

1.4.39-r4

1.4.40-r0

1.4.40-r1

1.4.42-r0

1.4.43-r0

1.4.44-r0

1.4.45-r0

1.4.45-r1

1.4.47-r0

1.4.47-r1

1.4.48-r0

1.4.48-r1

1.4.49-r0

1.4.49-r1

1.4.50-r0

1.4.50-r1

1.4.52-r0

1.4.53-r0

1.4.53-r1

1.4.54-r0

1.4.54-r1

1.4.55-r0

1.4.55-r1

1.4.56-r0

1.4.57-r0

1.4.59-r0

1.4.59-r1

1.4.59-r2

1.4.60-r0

1.4.61-r0

1.4.61-r1

1.4.64-r1

Alpine:v3.16 / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.67-r0

Affected versions

1.*

1.4.20-r1

1.4.20-r2

1.4.22-r0

1.4.23-r0

1.4.23-r1

1.4.23-r2

1.4.24-r0

1.4.25-r0

1.4.25-r1

1.4.25-r2

1.4.26-r0

1.4.26-r1

1.4.26-r2

1.4.26-r3

1.4.26-r4

1.4.26-r5

1.4.27-r0

1.4.28-r0

1.4.28-r3

1.4.28-r4

1.4.28-r5

1.4.28-r6

1.4.28-r7

1.4.29-r0

1.4.29-r1

1.4.29-r2

1.4.30-r0

1.4.30-r1

1.4.30-r2

1.4.30-r3

1.4.31-r0

1.4.32-r0

1.4.32-r1

1.4.33-r1

1.4.33-r2

1.4.33-r3

1.4.34-r0

1.4.34-r1

1.4.35-r0

1.4.35-r1

1.4.35-r2

1.4.35-r3

1.4.35-r4

1.4.36-r0

1.4.37-r0

1.4.38-r0

1.4.39-r0

1.4.39-r1

1.4.39-r2

1.4.39-r3

1.4.39-r4

1.4.40-r0

1.4.40-r1

1.4.42-r0

1.4.43-r0

1.4.44-r0

1.4.45-r0

1.4.45-r1

1.4.47-r0

1.4.47-r1

1.4.48-r0

1.4.48-r1

1.4.49-r0

1.4.49-r1

1.4.50-r0

1.4.50-r1

1.4.52-r0

1.4.53-r0

1.4.53-r1

1.4.54-r0

1.4.54-r1

1.4.55-r0

1.4.55-r1

1.4.56-r0

1.4.57-r0

1.4.59-r0

1.4.59-r1

1.4.59-r2

1.4.60-r0

1.4.61-r0

1.4.61-r1

1.4.62-r1

1.4.63-r1

1.4.64-r1

Alpine:v3.17 / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.67-r0

Affected versions

1.*

1.4.20-r1

1.4.20-r2

1.4.22-r0

1.4.23-r0

1.4.23-r1

1.4.23-r2

1.4.24-r0

1.4.25-r0

1.4.25-r1

1.4.25-r2

1.4.26-r0

1.4.26-r1

1.4.26-r2

1.4.26-r3

1.4.26-r4

1.4.26-r5

1.4.27-r0

1.4.28-r0

1.4.28-r3

1.4.28-r4

1.4.28-r5

1.4.28-r6

1.4.28-r7

1.4.29-r0

1.4.29-r1

1.4.29-r2

1.4.30-r0

1.4.30-r1

1.4.30-r2

1.4.30-r3

1.4.31-r0

1.4.32-r0

1.4.32-r1

1.4.33-r1

1.4.33-r2

1.4.33-r3

1.4.34-r0

1.4.34-r1

1.4.35-r0

1.4.35-r1

1.4.35-r2

1.4.35-r3

1.4.35-r4

1.4.36-r0

1.4.37-r0

1.4.38-r0

1.4.39-r0

1.4.39-r1

1.4.39-r2

1.4.39-r3

1.4.39-r4

1.4.40-r0

1.4.40-r1

1.4.42-r0

1.4.43-r0

1.4.44-r0

1.4.45-r0

1.4.45-r1

1.4.47-r0

1.4.47-r1

1.4.48-r0

1.4.48-r1

1.4.49-r0

1.4.49-r1

1.4.50-r0

1.4.50-r1

1.4.52-r0

1.4.53-r0

1.4.53-r1

1.4.54-r0

1.4.54-r1

1.4.55-r0

1.4.55-r1

1.4.56-r0

1.4.57-r0

1.4.59-r0

1.4.59-r1

1.4.59-r2

1.4.60-r0

1.4.61-r0

1.4.61-r1

1.4.62-r0

1.4.63-r0

1.4.64-r0

1.4.65-r0

1.4.65-r1

1.4.66-r1

Alpine:v3.18 / lighttpd

Package

Name: lighttpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.67-r0

Affected versions

1.*

1.4.20-r1

1.4.20-r2

1.4.22-r0

1.4.23-r0

1.4.23-r1

1.4.23-r2

1.4.24-r0

1.4.25-r0

1.4.25-r1

1.4.25-r2

1.4.26-r0

1.4.26-r1

1.4.26-r2

1.4.26-r3

1.4.26-r4

1.4.26-r5

1.4.27-r0

1.4.28-r0

1.4.28-r3

1.4.28-r4

1.4.28-r5

1.4.28-r6

1.4.28-r7

1.4.29-r0

1.4.29-r1

1.4.29-r2

1.4.30-r0

1.4.30-r1

1.4.30-r2

1.4.30-r3

1.4.31-r0

1.4.32-r0

1.4.32-r1

1.4.33-r1

1.4.33-r2

1.4.33-r3

1.4.34-r0

1.4.34-r1

1.4.35-r0

1.4.35-r1

1.4.35-r2

1.4.35-r3

1.4.35-r4

1.4.36-r0

1.4.37-r0

1.4.38-r0

1.4.39-r0

1.4.39-r1

1.4.39-r2

1.4.39-r3

1.4.39-r4

1.4.40-r0

1.4.40-r1

1.4.42-r0

1.4.43-r0

1.4.44-r0

1.4.45-r0

1.4.45-r1

1.4.47-r0

1.4.47-r1

1.4.48-r0

1.4.48-r1

1.4.49-r0

1.4.49-r1

1.4.50-r0

1.4.50-r1

1.4.52-r0

1.4.53-r0

1.4.53-r1

1.4.54-r0

1.4.54-r1

1.4.55-r0

1.4.55-r1

1.4.56-r0

1.4.57-r0

1.4.59-r0

1.4.59-r1

1.4.59-r2

1.4.60-r0

1.4.61-r0

1.4.61-r1

1.4.62-r0

1.4.63-r0

1.4.64-r0

1.4.65-r0

1.4.65-r1

1.4.66-r0

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type: GIT
Repo: https://github.com/lighttpd/lighttpd1.4
Events: Introduced

b8e011d230c206503f072cce0c176da8a938cf00

Fixed

fc4cdb76479f10b2c0712f386ca5e405581ed0fc

Affected versions

lighttpd-1.*

lighttpd-1.4.56

lighttpd-1.4.57

lighttpd-1.4.58

lighttpd-1.4.59

lighttpd-1.4.60

lighttpd-1.4.61

lighttpd-1.4.62

lighttpd-1.4.63

lighttpd-1.4.64

lighttpd-1.4.65

lighttpd-1.4.66