CVE-2022-38667 - OpenCVE

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Crowcpp	Crow

Configuration 1 [-]

cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cwe.mitre.org/data/definitions/372.html
https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md
https://github.com/CrowCpp/Crow/pull/524
https://gynvael.coldwind.pl/?id=753

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-22T19:07:43

Updated: 2024-08-03T11:02:14.379Z

Reserved: 2022-08-22T00:00:00

Link: CVE-2022-38667

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-22T20:15:08.520

Modified: 2022-10-28T19:04:27.337

Link: CVE-2022-38667

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T14:58:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC"], "url": "https://gynvael.coldwind.pl/?id=753"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cwe.mitre.org/data/definitions/372.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"name": "https://github.com/CrowCpp/Crow/pull/524", "refsource": "MISC", "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"name": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md", "refsource": "MISC", "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"name": "https://gynvael.coldwind.pl/?id=753", "refsource": "MISC", "url": "https://gynvael.coldwind.pl/?id=753"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.379Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gynvael.coldwind.pl/?id=753"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38667", "datePublished": "2022-08-22T19:07:43", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-08-03T11:02:14.379Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crowcpp:crow:*:*:*:*:*:*:*:*", "matchCriteriaId": "73462FC6-105D-430B-B879-0144267AA549", "versionEndIncluding": "1.0\\+4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request."}, {"lang": "es", "value": "Las aplicaciones HTTP (servidores) basadas en Crow hasta 1.0+4 pueden permitir un Use-After-Free y la ejecuci\u00f3n de c\u00f3digo cuando se utiliza HTTP pipelining. El parser HTTP soporta HTTP pipelining, pero la capa de conexi\u00f3n as\u00edncrona no es consciente de HTTP pipelining. Espec\u00edficamente, la capa de conexi\u00f3n no es consciente de que ha comenzado a procesar una solicitud posterior antes de que haya terminado de procesar una solicitud anterior"}], "id": "CVE-2022-38667", "lastModified": "2022-10-28T19:04:27.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T20:15:08.520", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/372.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CrowCpp/Crow/pull/524"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gynvael.coldwind.pl/?id=753"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}