Bugzilla – Bug 1200476
VUL-0: CVE-2022-30780: lighttpd: remote denial of service reachable in connection_read_header_more
Last modified: 2022-06-13 08:40:31 UTC
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of
service (CPU consumption from stuck connections) because
connection_read_header_more in connections.c has a typo that disrupts use of
multiple read operations on large headers.
The bug was introduced in v1.4.56 by this commit; therefore SUSE:SLE-12:Update/lighttpd v1.4.35 is not affected.
openSUSE codestreams are already fixed. Closing.