EPSS
Percentile
57.7%
lighttpd is vulnerable to denial of service. The vulnerability exists due to a lack of initialization when an invalide HTTP request (websocket handshake) leading to a null pointer dereference allowing an attacker to crash the system.
lists.debian.org/debian-lts-announce/2022/10/msg00002.html
redmine.lighttpd.net/issues/3165
security-tracker.debian.org/tracker/CVE-2022-37797
security.gentoo.org/glsa/202210-12
www.debian.org/security/2022/dsa-5243