CVE-2022-38667

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/372.html	Technical Description Third Party Advisory
https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md	Exploit Third Party Advisory
https://github.com/CrowCpp/Crow/pull/524	Patch Third Party Advisory
https://gynvael.coldwind.pl/?id=753	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-22 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-38667

Mitre link : CVE-2022-38667

CVE.ORG link : CVE-2022-38667

JSON object : View

Products Affected

crowcpp

crow

CWE

CWE-416

Use After Free

{"id": "CVE-2022-38667", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-22T20:15:08.520", "references": [{"url": "https://cwe.mitre.org/data/definitions/372.html", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/CrowCpp/Crow/pull/524", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gynvael.coldwind.pl/?id=753", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}, {"lang": "es", "value": "Las aplicaciones HTTP (servidores) basadas en Crow hasta 1.0+4 pueden permitir un Use-After-Free y la ejecuci\u00f3n de c\u00f3digo cuando se utiliza HTTP pipelining. El parser HTTP soporta HTTP pipelining, pero la capa de conexi\u00f3n as\u00edncrona no es consciente de HTTP pipelining. Espec\u00edficamente, la capa de conexi\u00f3n no es consciente de que ha comenzado a procesar una solicitud posterior antes de que haya terminado de procesar una solicitud anterior"}], "lastModified": "2022-10-28T19:04:27.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73462FC6-105D-430B-B879-0144267AA549", "versionEndIncluding": "1.0\\+4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}