2110269 – (CVE-2022-34037) CVE-2022-34037 caddy: oob read allows for DoS

Bug 2110269 (CVE-2022-34037) - CVE-2022-34037 caddy: oob read allows for DoS

Summary: CVE-2022-34037 caddy: oob read allows for DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-34037
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2110057
TreeView+	depends on / blocked

Reported:	2022-07-25 05:06 UTC by Avinash Hanwate
Modified:	2023-04-04 12:21 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-07-27 04:36:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2022-07-25 05:06:33 UTC

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

https://github.com/caddyserver/caddy/issues/4775

Note You need to log in before you can comment on or make changes to this bug.

adam.kaplan
akashem
amctagga
aos-network-edge-staff
bbennett
bmontgom
carangog
cdaley
dwhatley
dymurray
eparis
etamir
gparvin
hchiramm
ibolton
jarrpa
jburrell
jitsingh
jmatthew
jmontleo
joelsmith
jramanat
lmeyer
madam
mfojtik
nbecker
njean
nobody
nstielau
ocp-storage-bot
ocs-bugs
openshift-release-oversight
pahickey
pbhattac
rphillips
sejug
slaznick
slucidi
sostapov
spandura
sponnaga
sseago
stcannon
sttts
surbania
tnielsen
whayutin