[Debian] High CVE: CVE-2022-22707: lighttpd: a stack-based buffer overflow

Bug #2021548 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Zhixiong Chi
Milestone: (none)

Bug Description

CVE-2022-22707: https://nvd.nist.gov/vuln/detail/CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

Base Score: High

References:

https://security-tracker.debian.org/tracker/CVE-2022-22707

lighttpd_1.4.59-1+deb11u1

lighttpd is a source package in integ repository
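As an added example (not code from this report, from lighttpd, or from the StarlingX fix), the following Python triage check combines the facts on this page: the affected upstream range 1.4.46 through 1.4.63, the bullseye backport 1.4.59-1+deb11u2 named in the fix commit below, and the non-default mod_extforward configuration the description says is required. The `dpkg -l` lines and the config fragment are constructed samples, and treating `extforward.headers` listing "Forwarded" as that non-default configuration is an assumption.

```python
import re

# Constructed samples: two `dpkg -l lighttpd` status lines and a config fragment.
DPKG_VULNERABLE = "ii  lighttpd  1.4.59-1+deb11u1  amd64  fast webserver"
DPKG_FIXED = "ii  lighttpd  1.4.59-1+deb11u2  amd64  fast webserver"
CONF_USES_FORWARDED = '''
server.modules += ( "mod_extforward" )
extforward.forwarder = ( "10.0.0.1" => "trust" )
extforward.headers = ( "Forwarded" )
'''

def parse_dpkg_line(line):
    """Return (package, version) from one installed ('ii') dpkg -l line, else None."""
    parts = line.split()
    if len(parts) < 3 or parts[0] != "ii":
        return None
    return parts[1], parts[2]

def split_version(version):
    """Split a Debian version into (numeric upstream tuple, Debian revision)."""
    upstream, _, revision = version.partition("-")
    return tuple(int(x) for x in re.findall(r"\d+", upstream)), revision

def upstream_in_affected_range(upstream):
    # Affected upstream releases per the CVE description: 1.4.46 through 1.4.63.
    return (1, 4, 46) <= upstream <= (1, 4, 63)

def backport_fixed(upstream, revision):
    # Only the bullseye backport named on this page (1.4.59-1+deb11u2) is known here;
    # assumption: any other revision with an upstream version in range is unfixed.
    m = re.fullmatch(r"1\+deb11u(\d+)", revision)
    return upstream == (1, 4, 59) and m is not None and int(m.group(1)) >= 2

def config_exposes_forwarded(conf):
    # Assumption: exposure needs mod_extforward loaded and "Forwarded" in extforward.headers.
    loads_module = re.search(r'"mod_extforward"', conf) is not None
    handles_forwarded = re.search(
        r'extforward\.headers\s*\+?=\s*\([^)]*"Forwarded"', conf) is not None
    return loads_module and handles_forwarded

def assess(dpkg_line, conf):
    """Classify a host: 'not-lighttpd', 'not-affected', 'vulnerable-not-exposed', 'vulnerable-exposed'."""
    parsed = parse_dpkg_line(dpkg_line)
    if parsed is None or parsed[0] != "lighttpd":
        return "not-lighttpd"
    upstream, revision = split_version(parsed[1])
    if not upstream_in_affected_range(upstream) or backport_fixed(upstream, revision):
        return "not-affected"
    return "vulnerable-exposed" if config_exposes_forwarded(conf) else "vulnerable-not-exposed"
```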

Yue Tao (wrytao)
tags: added: stx.9.0 stx.security
Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to integ (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/886185

OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/c/starlingx/integ/+/886185
Committed: https://opendev.org/starlingx/integ/commit/e61f579d8ba5a4c0e08ba397097ea34b6a15ca05
Submitter: "Zuul (22348)"
Branch: master

commit e61f579d8ba5a4c0e08ba397097ea34b6a15ca05
Author: Zhixiong Chi <email address hidden>
Date: Tue Jun 13 10:43:00 2023 +0800

    lighttpd: Upgrade to 1.4.59-1+deb11u2

    Fix CVE-2022-22707 issue.

    Refer to:
    https://security-tracker.debian.org/tracker/CVE-2022-22707

    Meanwhile rebase the local patches for new version.

    TestPlan:
    PASS: build-pkgs -a
    PASS: build-image
    PASS: Jenkins Installation.
    PASS: Check the package version with 'dpkg -l'

    Closes-Bug: 2021548

    Signed-off-by: Zhixiong Chi <email address hidden>
    Change-Id: Id4b245ed4ba7c00d854ce758a3d241ad74fd1a0f

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil) wrote :

This was reverted due to issues introduced by the package upversion.
Launchpad: https://bugs.launchpad.net/starlingx/+bug/2024626
Revert: https://review.opendev.org/c/starlingx/integ/+/886676

So re-opening, as this CVE was not fixed.

Changed in starlingx:
status: Fix Released → Confirmed
Zhixiong Chi (zhixiongchi) wrote :
Changed in starlingx:
status: Confirmed → Fix Released