CVE-2022-34037: Out-of-bounds Read can lead to client side denial of service

July 22, 2022 (updated July 28, 2022)

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

References

github.com/advisories/GHSA-m7gr-5w5g-36jf
github.com/caddyserver/caddy/commit/693e9b5283e675b56084ecc83d73176cab0ee27c
github.com/caddyserver/caddy/issues/4775
nvd.nist.gov/vuln/detail/CVE-2022-34037

Detect and mitigate CVE-2022-34037 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →