ALT-PU-2022-6410-1
Closed vulnerabilities
Published: 2022-09-02
BDU:2022-06197
Уязвимость модулей mod_fastcgi и mod_scgi веб-сервера lighttpd, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-10-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
- https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
- https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67
- https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67
- https://github.com/lighttpd/lighttpd1.4/pull/115
- https://github.com/lighttpd/lighttpd1.4/pull/115
- FEDORA-2022-c26b19568d
- FEDORA-2022-c26b19568d
- GLSA-202210-12
- GLSA-202210-12