CVE-2022-34037 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-34037 Interim 1 10 2025-08-06T02:40:39Z current 2022-07-25T23:34:21Z 2025-08-06T02:40:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-34037 An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GQURFVT45F4OXOLLGP52CDBSBPTC2M4G/ E-Mail link for openSUSE-SU-2022:10080-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP4 openSUSE Leap 15.4 openSUSE Tumbleweed caddy-2.5.2-2.1 caddy-2.5.2-bp154.2.8.1 caddy-2.5.2-bp154.2.8.1 as a component of SUSE Package Hub 15 SP4 caddy-2.5.2-bp154.2.8.1 as a component of openSUSE Leap 15.4 caddy-2.5.2-2.1 as a component of openSUSE Tumbleweed An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client. CVE-2022-34037 SUSE Package Hub 15 SP4:caddy-2.5.2-bp154.2.8.1 openSUSE Leap 15.4:caddy-2.5.2-bp154.2.8.1 openSUSE Tumbleweed:caddy-2.5.2-2.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H