CVE-2022-37797

2022-09-1215:15:08

Debian Security Bug Tracker

security-tracker.debian.org

lighttpd

mod_wstunnel

null pointer

denial of service

websocket

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

57.7%

JSON

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.

OSVersionArchitecturePackageVersionFilename
Debian12alllighttpd< 1.4.66-1lighttpd_1.4.66-1_all.deb
Debian11alllighttpd< 1.4.59-1+deb11u2lighttpd_1.4.59-1+deb11u2_all.deb
Debian999alllighttpd< 1.4.66-1lighttpd_1.4.66-1_all.deb
Debian13alllighttpd< 1.4.66-1lighttpd_1.4.66-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	lighttpd	< 1.4.66-1	lighttpd_1.4.66-1_all.deb
Debian	11	all	lighttpd	< 1.4.59-1+deb11u2	lighttpd_1.4.59-1+deb11u2_all.deb
Debian	999	all	lighttpd	< 1.4.66-1	lighttpd_1.4.66-1_all.deb
Debian	13	all	lighttpd	< 1.4.66-1	lighttpd_1.4.66-1_all.deb