Vulnerability Description
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lighttpd | Lighttpd | 1.4.56 |
Related Weaknesses (CWE)
References
- https://github.com/lighttpd/lighttpd1.4 (Product, Third Party Advisory)
- https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service (Exploit, Third Party Advisory)
- https://podalirius.net/en/cves/2022-30780/ (Exploit, Third Party Advisory)
- https://redmine.lighttpd.net/issues/3059 (Issue Tracking, Patch, Vendor Advisory)
FAQ
What is CVE-2022-30780?
CVE-2022-30780 is a vulnerability with a CVSS score of 7.5 (HIGH). Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disru...
How severe is CVE-2022-30780?
CVE-2022-30780 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-30780?
Check the references section above for vendor advisories and patch information. Affected products include: Lighttpd Lighttpd.