Vulnerabilities > Lighttpd > Lighttpd > 1.4.65

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-41556 Memory Leak vulnerability in multiple products
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients.
network
low complexity
lighttpd fedoraproject CWE-401
7.5
7.5
2022-09-12 CVE-2022-37797 NULL Pointer Dereference vulnerability in multiple products
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.
network
low complexity
lighttpd debian CWE-476
7.5
7.5