Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Mageia 8: MGASA-2022-0161 Critical: Lighttpd Stack Overflow Remote DoS

mageia
Calendar Grey May 6, 2022
Dist Mageia Esm H88
Lighttpd patch addresses critical stack overflow issue in Mageia 8, mitigating potential for remote service disruption.
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated b...

Summary

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. (CVE-2022-22707)

References

- https://bugs.mageia.org/show_bug.cgi?id=29877

- https://lists.debian.org/debian-security-announce/2022/msg00006.html

-

- https://www.cve.org/CVERecord?id=CVE-2022-22707

Resolution

SRPMS

- 8/core/lighttpd-1.4.59-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 06 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0161.html
Type: security
CVE: CVE-2022-22707

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.