Oval Definition: oval:org.opensuse.security:def:202222707
Revision Date: 2022-09-02
Version: 1
Title: CVE-2022-22707
Description:

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
Family: unix
Class: vulnerability
Status:
Reference(s): Mitre CVE-2022-22707
SUSE CVE-2022-22707
openSUSE-SU-2022:0024-1
Platform(s): openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND lighttpd is not affected
  • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • lighttpd-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_authn_gssapi is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_authn_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_authn_pam is signed with openSUSE key
  • OR
  • lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_authn_sasl is signed with openSUSE key
  • OR
  • lighttpd-mod_magnet-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_magnet is signed with openSUSE key
  • OR
  • lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_maxminddb is signed with openSUSE key
  • OR
  • lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_rrdtool is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_vhostdb_dbi is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_vhostdb_ldap is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_vhostdb_mysql is signed with openSUSE key
  • OR
  • lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_vhostdb_pgsql is signed with openSUSE key
  • OR
  • lighttpd-mod_webdav-1.4.64-bp153.2.3.1 is installed
  • AND lighttpd-mod_webdav is signed with openSUSE key
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • lighttpd-1.4.64-1.1 is installed
  • OR lighttpd-mod_authn_gssapi-1.4.64-1.1 is installed
  • OR lighttpd-mod_authn_ldap-1.4.64-1.1 is installed
  • OR lighttpd-mod_authn_pam-1.4.64-1.1 is installed
  • OR lighttpd-mod_authn_sasl-1.4.64-1.1 is installed
  • OR lighttpd-mod_magnet-1.4.64-1.1 is installed
  • OR lighttpd-mod_maxminddb-1.4.64-1.1 is installed
  • OR lighttpd-mod_rrdtool-1.4.64-1.1 is installed
  • OR lighttpd-mod_vhostdb_dbi-1.4.64-1.1 is installed
  • OR lighttpd-mod_vhostdb_ldap-1.4.64-1.1 is installed
  • OR lighttpd-mod_vhostdb_mysql-1.4.64-1.1 is installed
  • OR lighttpd-mod_vhostdb_pgsql-1.4.64-1.1 is installed
  • OR lighttpd-mod_webdav-1.4.64-1.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND lighttpd is not affected
  • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND lighttpd is not affected