Home > Vulnerability Database > CVE-2022-37797

Mend.io Vulnerability Database

CVE-2022-37797

Good to know:

Date: September 12, 2022

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.

Language: C

Severity Score

7.5

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2022-37797

Url: https://lists.debian.org/debian-lts-announce/2022/10/msg00002.html

Url: https://redmine.lighttpd.net/issues/3165

Url: https://security.gentoo.org/glsa/202210-12

Url: https://www.debian.org/security/2022/dsa-5243

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-37797

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-37797

Url: https://www.mend.io/vulnerability-database/CVE-2022-37797

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version lighttpd-1.4.65

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-37797

Good to know:

Date: September 12, 2022

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?