CVE-2022-38667 - Vulnerability Details - OpenCVE

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02071.

Key SSVC decision points have not yet been added.

Vendors	Products
Crowcpp	Crow

Configuration 1 [-]

cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-41236	HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cwe.mitre.org/data/definitions/372.html
https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md
https://github.com/CrowCpp/Crow/pull/524
https://gynvael.coldwind.pl/?id=753

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-22T19:07:43

Updated: 2024-08-03T11:02:14.379Z

Reserved: 2022-08-22T00:00:00

Link: CVE-2022-38667

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T20:15:08.520

Modified: 2024-11-21T07:16:53.923

Link: CVE-2022-38667

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T14:58:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC"], "url": "https://gynvael.coldwind.pl/?id=753"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/372.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"name": "https://github.com/CrowCpp/Crow/pull/524", "refsource": "MISC", "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"name": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md", "refsource": "MISC", "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"name": "https://gynvael.coldwind.pl/?id=753", "refsource": "MISC", "url": "https://gynvael.coldwind.pl/?id=753"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gynvael.coldwind.pl/?id=753"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38667", "datePublished": "2022-08-22T19:07:43", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-08-03T11:02:14.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*", "matchCriteriaId": "73462FC6-105D-430B-B879-0144267AA549", "versionEndIncluding": "1.0\\+4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}, {"lang": "es", "value": "Las aplicaciones HTTP (servidores) basadas en Crow hasta 1.0+4 pueden permitir un Use-After-Free y la ejecuci\u00f3n de c\u00f3digo cuando se utiliza HTTP pipelining. El parser HTTP soporta HTTP pipelining, pero la capa de conexi\u00f3n as\u00edncrona no es consciente de HTTP pipelining. Espec\u00edficamente, la capa de conexi\u00f3n no es consciente de que ha comenzado a procesar una solicitud posterior antes de que haya terminado de procesar una solicitud anterior"}], "id": "CVE-2022-38667", "lastModified": "2024-11-21T07:16:53.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T20:15:08.520", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?id=753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?id=753"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}