
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

There exist use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests. A use-after-free vulnerability exists in lighttpd <= 1.4.50 that may allow access to perform a case-insensitive comparison with the reused pointer.

• https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
• https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
• https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
• https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
• https://www.kb.cert.org/vuls/id/312260
• https://www.runzero.com/blog/lighttpd

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 1

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.

• https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
• https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67
• https://github.com/lighttpd/lighttpd1.4/pull/115
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2
• https://security.gentoo.org/glsa/202210-12
• CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 7.5 | EPSS: 47% | CPEs: 3 | EXPL: 2

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.

• https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service
• https://github.com/lighttpd/lighttpd1.4
• https://podalirius.net/en/cves/2022-30780
• https://redmine.lighttpd.net/issues/3059
• CWE-682: Incorrect Calculation

CVSS: 5.9 | EPSS: 3% | CPEs: 3 | EXPL: 1

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

• https://redmine.lighttpd.net/issues/3134
• https://www.debian.org/security/2022/dsa-5040
• CWE-787: Out-of-bounds Write

CVSS: 9.8 | EPSS: 66% | CPEs: 1 | EXPL: 1

lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd.

• http://www.securityfocus.com/bid/107907
• https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
• https://redmine.lighttpd.net/issues/2945
• CWE-190: Integer Overflow or Wraparound