CVE-2022-38667 - Vulnerability Details - OpenCVE

Description

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

Published: 2022-08-22

Score: 9.8 Critical

EPSS: 3.3% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-41236	HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.03318.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://cwe.mitre.org/data/definitions/372.html
https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md
https://github.com/CrowCpp/Crow/pull/524
https://gynvael.coldwind.pl/?id=753

History

No history.

Subscriptions

Crowcpp Crow

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-22T19:07:43.000Z

Updated: 2024-08-03T11:02:14.379Z

Reserved: 2022-08-22T00:00:00.000Z

Link: CVE-2022-38667

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T20:15:08.520

Modified: 2024-11-21T07:16:53.923

Link: CVE-2022-38667

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T14:58:11.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC"], "url": "https://gynvael.coldwind.pl/?id=753"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/372.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"name": "https://github.com/CrowCpp/Crow/pull/524", "refsource": "MISC", "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"name": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md", "refsource": "MISC", "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"name": "https://gynvael.coldwind.pl/?id=753", "refsource": "MISC", "url": "https://gynvael.coldwind.pl/?id=753"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gynvael.coldwind.pl/?id=753"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38667", "datePublished": "2022-08-22T19:07:43.000Z", "dateReserved": "2022-08-22T00:00:00.000Z", "dateUpdated": "2024-08-03T11:02:14.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*", "matchCriteriaId": "73462FC6-105D-430B-B879-0144267AA549", "versionEndIncluding": "1.0\\+4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}, {"lang": "es", "value": "Las aplicaciones HTTP (servidores) basadas en Crow hasta 1.0+4 pueden permitir un Use-After-Free y la ejecuci\u00f3n de c\u00f3digo cuando se utiliza HTTP pipelining. El parser HTTP soporta HTTP pipelining, pero la capa de conexi\u00f3n as\u00edncrona no es consciente de HTTP pipelining. Espec\u00edficamente, la capa de conexi\u00f3n no es consciente de que ha comenzado a procesar una solicitud posterior antes de que haya terminado de procesar una solicitud anterior"}], "id": "CVE-2022-38667", "lastModified": "2024-11-21T07:16:53.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T20:15:08.520", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?id=753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?id=753"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}