lighttpd 1.4.65

CPE Details

lighttpd 1.4.65
1.4.65
2022-06-14
11h42 +00:00
2022-06-15
11h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lighttpd:lighttpd:1.4.65:*:*:*:*:*:*:*

Informations

Vendor

lighttpd

Product

lighttpd

Version

1.4.65

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-41556 2022-10-05 22h00 +00:00 A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
7.5
High
CVE-2022-37797 2022-09-11 22h00 +00:00 In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.
7.5
High