vulnerability
SUSE: CVE-2022-22707: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Jan 6, 2022 | Feb 3, 2022 | Oct 26, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Jan 6, 2022
Added
Feb 3, 2022
Modified
Oct 26, 2022
Description
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
Solution(s)
suse-upgrade-lighttpdsuse-upgrade-lighttpd-mod_authn_gssapisuse-upgrade-lighttpd-mod_authn_ldapsuse-upgrade-lighttpd-mod_authn_pamsuse-upgrade-lighttpd-mod_authn_saslsuse-upgrade-lighttpd-mod_magnetsuse-upgrade-lighttpd-mod_maxminddbsuse-upgrade-lighttpd-mod_rrdtoolsuse-upgrade-lighttpd-mod_vhostdb_dbisuse-upgrade-lighttpd-mod_vhostdb_ldapsuse-upgrade-lighttpd-mod_vhostdb_mysqlsuse-upgrade-lighttpd-mod_vhostdb_pgsqlsuse-upgrade-lighttpd-mod_webdav
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.