{"id":"CVE-2022-41556","details":"A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. The leak is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. For example, configurations that use mod_fastcgi are affected. This is fixed in 1.4.67.","modified":"2026-05-18T05:54:01.197184617Z","published":"2022-10-06T00:00:00Z","related":["openSUSE-SU-2022:10140-1","openSUSE-SU-2024:12382-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41556.json"},"references":[{"type":"WEB","url":"https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50"},{"type":"WEB","url":"https://github.com/lighttpd/lighttpd1.4/compare/lighttpd-1.4.66...lighttpd-1.4.67"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41556.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVOSBSCMLGCHH2Z74H64ZWVDFJFQTBC2/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41556"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-12"},{"type":"FIX","url":"https://github.com/lighttpd/lighttpd1.4/pull/115"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lighttpd/lighttpd1.4","events":[{"introduced":"b8e011d230c206503f072cce0c176da8a938cf00"},{"fixed":"807b3e9a365d740946c5d0fb806459de765c4fa9"}]}],"versions":["lighttpd-1.4.65","lighttpd-1.4.64","lighttpd-1.4.63","lighttpd-1.4.62","lighttpd-1.4.61","lighttpd-1.4.60","lighttpd-1.4.59","lighttpd-1.4.58","lighttpd-1.4.57","lighttpd-1.4.56"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41556.json"}}],"schema_version":"1.7.5"}