SecuritySpace - CVE-2022-22707

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2022-22707

Description: In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non- default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.

Test IDs: 1.3.6.1.4.1.25623.1.1.10.2022.0161 1.3.6.1.4.1.25623.1.0.147394 1.3.6.1.4.1.25623.1.0.705040

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-22707
Debian Security Information: DSA-5040 (Google Search)
https://www.debian.org/security/2022/dsa-5040
https://redmine.lighttpd.net/issues/3134

CVE ID:	CVE-2022-22707
Description:	In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non- default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
Test IDs:	1.3.6.1.4.1.25623.1.1.10.2022.0161 1.3.6.1.4.1.25623.1.0.147394 1.3.6.1.4.1.25623.1.0.705040
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-22707 Debian Security Information: DSA-5040 (Google Search) https://www.debian.org/security/2022/dsa-5040 https://redmine.lighttpd.net/issues/3134