An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client.
References
| Link | Resource |
|---|---|
| https://github.com/caddyserver/caddy/issues/4775 | Exploit Issue Tracking Patch Third Party Advisory |
| https://github.com/caddyserver/caddy/issues/4775#issuecomment-1203388116 |
Configurations
History
03 May 2024, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. | |
| References |
|
28 Jul 2022, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-125 | |
| CPE | cpe:2.3:a:caddyserver:caddy:2.5.1:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | (MISC) https://github.com/caddyserver/caddy/issues/4775 - Exploit, Issue Tracking, Patch, Third Party Advisory |
22 Jul 2022, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-22 15:15
Updated : 2024-05-17 02:10
NVD link : CVE-2022-34037
Mitre link : CVE-2022-34037
CVE.ORG link : CVE-2022-34037
JSON object : View
Products Affected
caddyserver
- caddy
CWE
CWE-125
Out-of-bounds Read