Vulnerabilities > CVE-2022-22707 - Out-of-bounds Write vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

lighttpd

debian

CWE-787

NVD

Published: 2022-01-06

Updated: 2022-01-13

Summary

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

Vulnerable Configurations

Part	Description	Count
Application	Lighttpd Lighttpd Lighttpd 1.4.46 Lighttpd Lighttpd 1.4.47 Lighttpd Lighttpd 1.4.48 Lighttpd Lighttpd 1.4.49 Lighttpd Lighttpd 1.4.50 Lighttpd Lighttpd 1.4.51 Lighttpd Lighttpd 1.4.52 Lighttpd Lighttpd 1.4.53 Lighttpd Lighttpd 1.4.63	9
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References