1. CVE-Search
  2. CVE-2022-22707
ID CVE-2022-22707
Summary In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
References
Vulnerable Configurations
  • cpe:2.3:a:lighttpd:lighttpd:1.4.46:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.46:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.47:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.47:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.48:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.48:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.49:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.49:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.50:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.50:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.51:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.51:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.52:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.52:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.53:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.53:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.63:*:*:*:*:*:*:*
    cpe:2.3:a:lighttpd:lighttpd:1.4.63:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-01-2022 - 20:52)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 13-01-2022 - 20:52
Published 06-01-2022 - 06:15
Last modified 13-01-2022 - 20:52
Back to Top