{"id":"MGASA-2022-0369","summary":"Updated lighttpd packages fix security vulnerability","details":"In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function\npointer if an invalid HTTP request (websocket handshake) is received. It\nleads to null pointer dereference which crashes the server. It could be\nused by an external attacker to cause denial of service condition.\n(CVE-2022-37797)\n\nA resource leak in mod_fastcgi and mod_scgi could lead to a denial of\nservice after a large number of bad HTTP requests. (CVE-2022-41556)\n","modified":"2026-02-04T03:19:28.026309Z","published":"2022-10-13T20:05:19Z","related":["CVE-2022-37797","CVE-2022-41556"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0369.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30912"},{"type":"REPORT","url":"https://www.debian.org/security/2022/dsa-5243"}],"affected":[{"package":{"name":"lighttpd","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/lighttpd?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.59-1.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0369.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}