{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21631", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T03:00:44.954Z", "datePublished": "2024-01-03T16:55:02.356Z", "dateUpdated": "2024-09-18T17:28:33.910Z"}, "containers": {"cna": {"title": "Integer overflow in URI leading to potential host spoofing", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1104", "lang": "en", "description": "CWE-1104: Use of Unmaintained Third Party Components", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"}, {"name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "tags": ["x_refsource_MISC"], "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"}], "affected": [{"vendor": "vapor", "product": "vapor", "versions": [{"version": "< 4.90.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-03T16:55:02.356Z"}, "descriptions": [{"lang": "en", "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n"}], "source": {"advisory": "GHSA-r6r4-5pr8-gjcp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.780Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"}, {"name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"}]}, {"affected": [{"vendor": "vapor", "product": "vapor", "cpes": ["cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.90.0", "versionType": "custom"}]}, {"vendor": "vapor", "product": "vapor", "cpes": ["cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "pkg:swift/github.com/vapor/vapor@0", "status": "affected", "lessThan": "pkg:swift/github.com/vapor/vapor@4.90.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-03T19:21:44.394603Z", "id": "CVE-2024-21631", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T17:28:33.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.780Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21631", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-03T19:21:44.394603Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"], "vendor": "vapor", "product": "vapor", "versions": [{"status": "affected", "version": "0", "lessThan": "4.90.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"], "vendor": "vapor", "product": "vapor", "versions": [{"status": "affected", "version": "pkg:swift/github.com/vapor/vapor@0", "lessThan": "pkg:swift/github.com/vapor/vapor@4.90.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T16:12:29.182Z"}}], "cna": {"title": "Integer overflow in URI leading to potential host spoofing", "source": {"advisory": "GHSA-r6r4-5pr8-gjcp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vapor", "product": "vapor", "versions": [{"status": "affected", "version": "< 4.90.0"}]}], "references": [{"url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1104", "description": "CWE-1104: Use of Unmaintained Third Party Components"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-03T16:55:02.356Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21631", "state": "PUBLISHED", "dateUpdated": "2024-09-18T17:28:33.910Z", "dateReserved": "2023-12-29T03:00:44.954Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-03T16:55:02.356Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7A4A9F5-B5B1-480E-9922-AF35861D75AF", "versionEndExcluding": "4.90.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n"}, {"lang": "es", "value": "Vapor es un framework web HTTP para Swift. Antes de la versi\u00f3n 4.90.0, la funci\u00f3n `vapor_urlparser_parse` de Vapor utiliza \u00edndices `uint16_t` al analizar los componentes de un URI, lo que puede causar desbordamientos de enteros al analizar entradas que no son de confianza. Esta vulnerabilidad no afecta a Vapor directamente, pero podr\u00eda afectar a las aplicaciones que dependen del tipo de URI para validar la entrada del usuario. El tipo URI se utiliza en varios lugares de Vapor. Un desarrollador puede decidir utilizar URI para representar una URL en su aplicaci\u00f3n (especialmente si esa URL luego se pasa al Cliente HTTP) y confiar en sus propiedades y m\u00e9todos p\u00fablicos. Sin embargo, es posible que el URI no pueda analizar correctamente una URL v\u00e1lida (aunque anormalmente larga), debido a que los rangos de cadenas se convierten a enteros de 16 bits. Un atacante puede utilizar este comportamiento para enga\u00f1ar a la aplicaci\u00f3n para que acepte una URL a un destino que no es de confianza. Al rellenar el n\u00famero de puerto con ceros, un atacante puede provocar un desbordamiento de enteros cuando se analiza la autoridad de la URL y, como resultado, falsificar el host. La versi\u00f3n 4.90.0 contiene un parche para este problema. Como workaround, valide la entrada del usuario antes de analizarla como URI o, si es posible, utilice las utilidades `URL` y `URLComponents` de Foundation."}], "id": "CVE-2024-21631", "lastModified": "2024-01-10T18:40:48.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-03T17:15:12.790", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1104"}, {"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}