Denial of Service Vulnerability in lighttpd Web Server by Lighttpd
CVE-2022-37797
7.5HIGH
What is CVE-2022-37797?
In lighttpd version 1.4.65, a flaw has been identified within the mod_wstunnel module that does not properly initialize a handler function pointer when an invalid HTTP request (specifically during the websocket handshake) is encountered. This oversight can lead to a null pointer dereference, resulting in a crash of the server. An external attacker could potentially exploit this vulnerability to induce a denial of service condition, disrupting service availability for legitimate users.