Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP3 package lighttpd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2022-37797 — CVSS 7.5 (high): In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is…
CVE-2022-41556 — CVSS 7.5 (high): A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a…
CVE-2022-22707 — CVSS 5.9 (medium): In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4…