Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint. CVE-2022-37797 An invalid HTTP request may cause a NULL pointer dereference in the wstunnel module. CVE-2022-41556 A resource leak in mod_fastcgi and mod_scgi could lead to a denial of service after a large number of bad HTTP requests.