CVE-2022-41556
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-09-26 CVE Reserved
- 2022-09-28 CVE Published
- 2024-05-27 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/lighttpd/lighttpd1.4/pull/115 | 2024-08-03 |
URL | Date | SRC |
---|---|---|
https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Lighttpd | Lighttpd | >= 1.4.56 < 1.4.67 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |