← Retour aux CVEs

CVE-2022-38667

CRITICAL

9.8

Description

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/22/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

crowcpp:crow

Faiblesses (CWE)

CWE-416

References

https://cwe.mitre.org/data/definitions/372.html(cve@mitre.org)

https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md(cve@mitre.org)

https://github.com/CrowCpp/Crow/pull/524(cve@mitre.org)

https://gynvael.coldwind.pl/?id=753(cve@mitre.org)

https://cwe.mitre.org/data/definitions/372.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/CrowCpp/Crow/pull/524(af854a3a-2127-422b-91ae-364da2661108)

https://gynvael.coldwind.pl/?id=753(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.