Home > Vulnerability Database > CVE-2022-41556

Mend.io Vulnerability Database

CVE-2022-41556

Date: October 5, 2022

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.

Language: C

Severity Score

7.5

Related Resources (10)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/

Url: https://github.com/lighttpd/lighttpd1.4/pull/115

Url: https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50

Url: https://security.alpinelinux.org/vuln/CVE-2022-41556

Url: https://security.gentoo.org/glsa/202210-12

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41556

Url: https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67

Url: https://security-tracker.debian.org/tracker/CVE-2022-41556

Url: https://www.mend.io/vulnerability-database/CVE-2022-41556

Severity Score

7.5

Weakness Type (CWE)

Missing Release of Memory after Effective Lifetime

CWE-401

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41556

Date: October 5, 2022

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?