Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Lighttpd NULL Pointer Dereference Vulnerability - CVE-2022-37797 - Vulnerability Database
Lighttpd

Lighttpd NULL Pointer Dereference Vulnerability - CVE-2022-37797

High
Reference: CVE-2022-37797
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-37797
Title: Lighttpd NULL Pointer Dereference Vulnerability
Overview:

In lighttpd 1.4.65 mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.