ID CVE-2022-41556
Summary A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
Vulnerable Configurations
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:-:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc1:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc2:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc3:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc4:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc5:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc6:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.56:rc7:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.57:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.58:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.59:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.60:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.61:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.62:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.63:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.64:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.65:*:*:*:*:*:*:*
  • cpe:2.3:a:lighttpd:lighttpd:1.4.66:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-401
Last major update 03-12-2022 - 01:14
Published 06-10-2022 - 18:17
Last modified 03-12-2022 - 01:14