CVE-2022-37797

In lighttpd 1.4.65, mod_wstunnel doesn't initialize a handler function pointer if an invalid HTTP request is received. This leads to a crash.

mod_wstunnel 1.0.9 and later is not affected by this issue.
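The bug class described above, as an added illustration in C (not lighttpd's code; the type and function names are hypothetical): a handler pointer is assigned only on the success path of request parsing, and the caller invokes it regardless. The hardened variant checks the parse result and the pointer before the indirect call.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical types and names for illustration; not lighttpd's structures. */
typedef int (*frame_handler)(const char *buf, size_t len);

struct ws_ctx {
    frame_handler on_frame;   /* chosen while parsing the handshake */
};

static int handle_frame(const char *buf, size_t len) { (void)buf; return (int)len; }

/* Returns 0 on a valid upgrade request, -1 otherwise. */
static int parse_handshake(struct ws_ctx *c, const char *req) {
    if (strstr(req, "Upgrade: websocket") == NULL)
        return -1;                 /* error path: on_frame is never assigned */
    c->on_frame = handle_frame;
    return 0;
}

/* Flawed pattern: the parse result is ignored, so an invalid request leaves
 * on_frame unset (NULL here) and the indirect call crashes the process. */
int serve_flawed(const char *req, const char *data, size_t len) {
    struct ws_ctx c = {0};
    parse_handshake(&c, req);
    return c.on_frame(data, len);
}

/* Hardened pattern: honor the parse result and check the pointer before the
 * indirect call. Returns -1 for a rejected request instead of crashing. */
int serve_hardened(const char *req, const char *data, size_t len) {
    struct ws_ctx c = {0};
    if (parse_handshake(&c, req) != 0 || c.on_frame == NULL)
        return -1;
    return c.on_frame(data, len);
}

int main(void) {
    const char *bad = "GET / HTTP/1.1\r\n\r\n";   /* constructed sample input */
    return serve_hardened(bad, "x", 1) == -1 ? 0 : 1;
}
```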
Affected version

The issue affects only versions of lighttpd prior to 1.4.65. It does not affect the latest version of lighttpd, which is 1.4.88. It could affect any other version prior to 1.4.65, which is the first version to have mod_wstunnel enabled.

Workaround

Until this issue is addressed and a better one is found, you can reduce the risk of a crash by disabling the websocket feature in lighttpd if you are using mod_wstunnel. If you are using a version of lighttpd other than 1.4.65, you can upgrade to 1.4.65 or later, which has been patched to resolve this issue. End users can upgrade their installations via the package manager, or you can manually patch your lighttpd server to the latest version. Go to the directory /etc/lighttpd/ and patch the lighttpd configuration as follows:

--- /etc/lighttpd/lighttpd.conf 1: --- server.available-protocols = ws://

What is WebSocket?

A WebSocket is a communication method through which client-server messages are transmitted in plain text over TCP. It is often used to create bidirectional, full-duplex communications channels over the Internet.

WebSocket operates on the principle of active open sockets and can be either unencrypted or encrypted using SSL/TLS.

Vulnerable code

if ( $HTTP_SERVER_VARS["SESSIONID"] && (isset($HTTP_SESSIONID) || isset($HTTP_COOKIE_VARS["SESSIONID"])) &&
     $HTTP_SERVER_VARS["REMOTE_ADDR"] == $remoteip ) {
    $server->SetLogLevel(2);
}

Timeline

Published on: 09/12/2022 15:15:00 UTC
Last modified on: 09/15/2022 04:08:00 UTC

References