CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25103 – Use-after-free vulnerabilities in lighttpd <= 1.4.50
https://notcve.org/view.php?id=CVE-2018-25103
There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. Existe una vulnerabilidad de use-after-free en lighttpd <= 1.4.50 que puede permitir el acceso para realizar una comparación que no distinga entre mayúsculas y minúsculas con el puntero reutilizado. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736 https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8 https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9 https://www.kb.cert.org/vuls/id/312260 https://www.runzero.com/blog/lighttpd •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41556
https://notcve.org/view.php?id=CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. Un filtrado de recursos en el archivo gw_backend.c en lighttpd versiones 1.4.56 hasta 1.4.66, podría conllevar a una denegación de servicio (agotamiento de la ranura de conexión) después de una gran cantidad de comportamiento TCP anómalo por parte de los clientes. • https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 https://github.com/lighttpd/lighttpd1.4/pull/115 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2 https://security.gentoo.org/glsa/202210-12 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37797
https://notcve.org/view.php?id=CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. En lighttpd 1.4.65, la función mod_wstunnel no inicializa un puntero de función de manejador si es recibida una petición HTTP no válida (websocket handshake). Esto conlleva a una desreferencia de puntero null que hace que el servidor sea bloqueado. • https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html https://redmine.lighttpd.net/issues/3165 https://security.gentoo.org/glsa/202210-12 https://www.debian.org/security/2022/dsa-5243 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 47%CPEs: 3EXPL: 2CVE-2022-30780
https://notcve.org/view.php?id=CVE-2022-30780
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. Lighttpd versiones 1.4.56 hasta 1.4.58, permite a un atacante remoto causar una denegación de servicio (consumo de CPU por conexiones atascadas) porque la función connection_read_header_more en el archivo connections.c presenta una errata que interrumpe el uso de múltiples operaciones de lectura en encabezados grandes • https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service https://github.com/lighttpd/lighttpd1.4 https://podalirius.net/en/cves/2022-30780 https://redmine.lighttpd.net/issues/3059 • CWE-682: Incorrect Calculation •
CVSS: 5.9EPSS: 2%CPEs: 3EXPL: 1CVE-2022-22707
https://notcve.org/view.php?id=CVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. En lighttpd versiones 1.4.46 hasta 1.4.63, la función mod_extforward_Forwarded del plugin mod_extforward tiene un desbordamiento de búfer basado en la pila (4 bytes que representan -1), como lo demuestra la denegación de servicio remota (caída del demonio) en una configuración no predeterminada. La configuración no predeterminada requiere el manejo de la cabecera Forwarded de una manera algo inusual. • https://redmine.lighttpd.net/issues/3134 https://www.debian.org/security/2022/dsa-5040 • CWE-787: Out-of-bounds Write •