SA-2023-001 - lighttpd buffer overflow (CVE-2022-2... - Extreme Networks

Summary

In lighttpd, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner.

Products not listed in the Impact Details section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.
Products Potentially Affected

Impact Details

OS/Product	Exposure
ExtremeGuest (Essentials)	No
ExtremeGuest (On-Premises)	No
WiNG	No

Repair Recommendations
None

Please see the main Security Advisory article here for more details.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2023-001 - lighttpd buffer overflow (CVE-2022-22707)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)