logo

Database

Out-of-bounds read In github.com/caddyserver/caddy

Description

Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service

Withdrawn Advisory

This advisory has been withdrawn because it is a bug, not a vulnerability. According to the maintainer, the bug only affects the client side of the request and cannot cause a denial of service on the server.

Original Description

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) on the client side via a crafted URI.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-340372. NVD-2022-340373. OSV-2022-340374. GCVE-2022-34037

References

1. https://github.com/caddyserver/caddy/issues/47752. https://github.com/caddyserver/caddy/issues/4775#issuecomment-12033881163. https://github.com/caddyserver/caddy/commit/693e9b5283e675b56084ecc83d73176cab0ee27c

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.