Bugzilla – Bug 1203872
VUL-0: CVE-2022-41556: lighttpd: resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests
Last modified: 2022-10-03 16:27:44 UTC
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint.
A resource leak in mod_fastcgi and mod_scgi could lead to a denial
of service after a large number of bad HTTP requests.
Upstream PR and commits:
For the stable distribution (bullseye), these problems have been fixed in
We recommend that you upgrade your lighttpd packages.
For the detailed security status of lighttpd please refer to its
security tracker page at:
SUSE codestreams not affected, openSUSE:Factory already fixed.
This is an autogenerated message for OBS integration:
This bug (1203872) was mentioned in
https://build.opensuse.org/request/show/1006862 Factory / lighttpd
https://build.opensuse.org/request/show/1006863 Backports:SLE-15-SP3+Backports:SLE-15-SP4 / lighttpd
openSUSE-SU-2022:10140-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1203872
CVE References: CVE-2022-41556
openSUSE Backports SLE-15-SP4 (src): lighttpd-1.4.67-bp126.96.36.199
openSUSE Backports SLE-15-SP3 (src): lighttpd-1.4.67-bp188.8.131.52