{"id":"CVE-2022-30780","details":"Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.","modified":"2026-04-10T04:47:40.347237Z","published":"2022-06-11T15:15:08.807Z","references":[{"type":"FIX","url":"https://redmine.lighttpd.net/issues/3059"},{"type":"PACKAGE","url":"https://github.com/lighttpd/lighttpd1.4"},{"type":"EVIDENCE","url":"https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service"},{"type":"EVIDENCE","url":"https://podalirius.net/en/cves/2022-30780/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lighttpd/lighttpd1.4","events":[{"introduced":"0"},{"last_affected":"b8e011d230c206503f072cce0c176da8a938cf00"},{"introduced":"0"},{"last_affected":"91250ee0bda79f6616cfa5e4dd1ec195f732527e"},{"introduced":"0"},{"last_affected":"992ba517abcfe9c162df0ba1383a051fe4ebd77c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.56"},{"introduced":"0"},{"last_affected":"1.4.57"},{"introduced":"0"},{"last_affected":"1.4.58"}]}}],"versions":["lighttpd-1.3.11","lighttpd-1.3.12","lighttpd-1.3.13","lighttpd-1.3.14","lighttpd-1.3.15","lighttpd-1.3.16","lighttpd-1.4.1","lighttpd-1.4.2","lighttpd-1.4.25","lighttpd-1.4.26","lighttpd-1.4.27","lighttpd-1.4.28","lighttpd-1.4.29","lighttpd-1.4.3","lighttpd-1.4.30","lighttpd-1.4.31","lighttpd-1.4.32","lighttpd-1.4.33","lighttpd-1.4.34","lighttpd-1.4.35","lighttpd-1.4.36","lighttpd-1.4.36--rc1","lighttpd-1.4.37","lighttpd-1.4.38","lighttpd-1.4.39","lighttpd-1.4.4","lighttpd-1.4.40","lighttpd-1.4.41","lighttpd-1.4.42","lighttpd-1.4.43","lighttpd-1.4.44","lighttpd-1.4.45","lighttpd-1.4.46","lighttpd-1.4.47","lighttpd-1.4.48","lighttpd-1.4.49","lighttpd-1.4.5","lighttpd-1.4.50","lighttpd-1.4.51","lighttpd-1.4.52","lighttpd-1.4.53","lighttpd-1.4.54","lighttpd-1.4.55","lighttpd-1.4.56","lighttpd-1.4.56-rc1","lighttpd-1.4.56-rc2","lighttpd-1.4.56-rc3","lighttpd-1.4.56-rc4","lighttpd-1.4.56-rc5","lighttpd-1.4.56-rc6","lighttpd-1.4.56-rc7","lighttpd-1.4.57","lighttpd-1.4.58","lighttpd-1.4.6","lighttpd-1.4.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30780.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}