CVE-2022-41556
HIGH7.5EPSS 1.8%發布日:2022/10/6修改日:2025/12/3
也稱為:ALPINE-CVE-2022-41556
描述
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
受影響套件(2)
- Alpine/lighttpdfrom 0, < 1.4.67-r0
- Debian/lighttpdfrom 0, < 1.4.59-1+deb11u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |