What is the vulnerability ID for this out-of-bounds read in the rewrite function in Caddy v2.5.1?

The vulnerability ID for this out-of-bounds read in the rewrite function in Caddy v2.5.1 is CVE-2022-34037.

What is the severity of CVE-2022-34037?

The severity of CVE-2022-34037 is high with a CVSS score of 7.5.

How does CVE-2022-34037 impact Caddy v2.5.1?

CVE-2022-34037 allows attackers to cause a Denial of Service (DoS) by exploiting an out-of-bounds read in the rewrite function of Caddy v2.5.1.

How can I fix the out-of-bounds read vulnerability in Caddy v2.5.1?

To fix the out-of-bounds read vulnerability in Caddy v2.5.1, upgrade to a version that includes the fix, such as Caddy v2.5.2 or later.

Where can I find more information about CVE-2022-34037?

You can find more information about CVE-2022-34037 at the following reference: https://github.com/caddyserver/caddy/issues/4775.

Vulnerability/
CVE-2022-34037

high

7.5

CWE

125

22/7/2022

23/7/2022

17/5/2024

CVE-2022-34037

First published: Fri Jul 22 2022(Updated: )

## Withdrawn Advisory This advisory has been withdrawn because it is a bug, not a vulnerability. According to the maintainer, the bug only affects the client side of the request and cannot cause a denial of service on the server. ## Original Description An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) on the client side via a crafted URI.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Caddyserver Caddy	=2.5.1
go/github.com/caddyserver/caddy	<2.5.2	2.5.2
	=2.5.1

Remedy

https://github.com/caddyserver/caddy/issues/4775

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this out-of-bounds read in the rewrite function in Caddy v2.5.1?
The vulnerability ID for this out-of-bounds read in the rewrite function in Caddy v2.5.1 is CVE-2022-34037.
What is the severity of CVE-2022-34037?
The severity of CVE-2022-34037 is high with a CVSS score of 7.5.
How does CVE-2022-34037 impact Caddy v2.5.1?
CVE-2022-34037 allows attackers to cause a Denial of Service (DoS) by exploiting an out-of-bounds read in the rewrite function of Caddy v2.5.1.
How can I fix the out-of-bounds read vulnerability in Caddy v2.5.1?
To fix the out-of-bounds read vulnerability in Caddy v2.5.1, upgrade to a version that includes the fix, such as Caddy v2.5.2 or later.
Where can I find more information about CVE-2022-34037?
You can find more information about CVE-2022-34037 at the following reference: https://github.com/caddyserver/caddy/issues/4775.

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/remedy
collector/mitre-cve
source/MITRE
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-m7gr-5w5g-36jf
alias/CVE-2022-34037
agent/severity
agent/last-modified-date
agent/references
agent/softwarecombine
agent/description
agent/event
collector/nvd-cve
agent/tags
collector/github-advisory
vendor/caddyserver
canonical/caddyserver caddy
version/caddyserver caddy/2.5.1
package-manager/go

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.