Description

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.

Remediation

References

CVE-2022-41556

Related Vulnerabilities

WordPress Plugin RSVPMaker SQL Injection (9.3.2)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)

WordPress Plugin WP24 Domain Check Cross-Site Scripting (1.6.2)

ownCloud Other Vulnerability (CVE-2014-2056)

Microsoft SQL Server Improper Input Validation Vulnerability (CVE-1999-0999)

Severity

High

Classification

CVE-2022-41556 CWE-401 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities