Description

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.

Remediation

References

CVE-2022-41556

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1)

PHP Other Vulnerability (CVE-2007-1452)

Artifactory Improper Input Validation Vulnerability (CVE-2019-19937)

WordPress Plugin VN-Calendar Multiple Cross-Site Scripting Vulnerabilities (1.0)

Magento Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3458)

Severity

High

Classification

CVE-2022-41556 CWE-401 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities