Stack-based Buffer Overflow in Lighttpd Affects mod_extforward Plugin
CVE-2022-22707

5.9 MEDIUM

Key Information:

Vendor

Lighttpd

Status
Vendor
CVE Published:
6 January 2022

What is CVE-2022-22707?

The mod_extforward plugin of Lighttpd versions 1.4.46 to 1.4.63 contains a stack-based buffer overflow vulnerability that may lead to a remote denial of service. The flaw arises from improper handling of the Forwarded header in non-default configurations, and systems running on 32-bit architectures are particularly exposed. Successful exploitation could crash the daemon, resulting in service interruption. Users are advised to review their mod_extforward configuration and apply the available patches to mitigate this risk.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
