// For flags

CVE-2022-22707

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

En lighttpd versiones 1.4.46 hasta 1.4.63, la función mod_extforward_Forwarded del plugin mod_extforward tiene un desbordamiento de búfer basado en la pila (4 bytes que representan -1), como lo demuestra la denegación de servicio remota (caída del demonio) en una configuración no predeterminada. La configuración no predeterminada requiere el manejo de la cabecera Forwarded de una manera algo inusual. Además, es mucho más probable que un sistema de 32 bits se vea afectado que un sistema de 64 bits

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-06 CVE Reserved
  • 2022-01-06 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-09-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://redmine.lighttpd.net/issues/3134 2024-08-03
URL Date SRC
URL Date SRC
https://www.debian.org/security/2022/dsa-5040 2022-01-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lighttpd
Search vendor "Lighttpd"
 Lighttpd
Search vendor "Lighttpd" for product "Lighttpd"
 >= 1.4.46 <= 1.4.63
Search vendor "Lighttpd" for product "Lighttpd" and version " >= 1.4.46 <= 1.4.63"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected