CVE-2022-37797
HIGH 7.5, EPSS 1.4%
lighttpd - security update
Published: 2022/9/12, Modified: 2026/4/28
Description
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. This leads to a null pointer dereference, which crashes the server. An external attacker could use it to cause a denial-of-service condition.
Affected packages (3)
- Debian/lighttpd: from 0, < 1.4.59-1+deb11u2
- Debian/lighttpd: from 0, < 1.4.53-4+deb10u3
- Debian/lighttpd: from 0, < 1.4.59-1+deb11u2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |