[Debian] CVE: CVE-2022-41556/CVE-2022-30780: Lighttpd : multiple CVEs Edit
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Won't Fix
|
Medium
|
Yue Tao | ||
Bug Description
CVE-2022-41556: [https:/
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
CVE-2022-30780: [https:/
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-41556 fixed 7.5 N L N N H
CVE-2022-30780 fixed 7.5 N L N N H
References:
https:/
https:/
[lighttpd_
CVE References
| Yue Tao (wrytao) wrote | #1 |
| information type: | Public → Public Security |
| Changed in starlingx: | |
| assignee: | nobody → Yue Tao (wrytao) |
| importance: | Undecided → Medium |
| tags: | added: stx.8.0 stx.security |
| Changed in starlingx: | |
| status: | New → Won't Fix |
CVE-2022-41556: introduced by: https:/
CVE-2022-30780: introduced by: https:/