Lucene search

[email protected]CVE-2022-38333

HistorySep 19, 2022 - 5:15 p.m.

CVE-2022-38333

2022-09-1917:15:14

CWE-125

[email protected]

web.nvd.nist.gov

openwrt

cve-2022-38333

v21.02.3

v22.03.0-rc6

security vulnerability

http request

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

Affected configurations

NVD

Node

openwrtopenwrtRange<21.02.3

openwrtopenwrtMatch22.03.0rc6

CPENameOperatorVersion
openwrt:openwrtopenwrtlt21.02.3
openwrt:openwrtopenwrteq22.03.0

CPE	Name	Operator	Version
openwrt:openwrt	openwrt	lt	21.02.3
openwrt:openwrt	openwrt	eq	22.03.0

References

git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176

git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176

git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2022-38333

openvas1 nvd1 cvelist1 prion1