{"id":"CVE-2022-22707","details":"In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.","modified":"2026-04-16T04:39:50.233490945Z","published":"2022-01-06T06:15:07.243Z","related":["openSUSE-SU-2022:0024-1","openSUSE-SU-2024:11764-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5040"},{"type":"EVIDENCE","url":"https://redmine.lighttpd.net/issues/3134"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lighttpd/lighttpd1.4","events":[{"introduced":"f07bcb145cbe2cfab8eccedb2a5c2dca7e728011"},{"last_affected":"0340dc943c2bd3c475ad6491a0d1cf3e87a2b51c"}],"database_specific":{"versions":[{"introduced":"1.4.46"},{"last_affected":"1.4.63"}]}}],"versions":["lighttpd-1.4.46","lighttpd-1.4.47","lighttpd-1.4.48","lighttpd-1.4.49","lighttpd-1.4.50","lighttpd-1.4.51","lighttpd-1.4.52","lighttpd-1.4.53","lighttpd-1.4.54","lighttpd-1.4.55","lighttpd-1.4.56","lighttpd-1.4.56-rc1","lighttpd-1.4.56-rc2","lighttpd-1.4.56-rc3","lighttpd-1.4.56-rc4","lighttpd-1.4.56-rc5","lighttpd-1.4.56-rc6","lighttpd-1.4.56-rc7","lighttpd-1.4.57","lighttpd-1.4.58","lighttpd-1.4.59","lighttpd-1.4.60","lighttpd-1.4.61","lighttpd-1.4.62","lighttpd-1.4.63"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22707.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}