Lucene search
GitHub_MCVELIST:CVE-2023-44386HistoryOct 05, 2023 - 5:41 p.m.
CVE-2023-44386 Incorrect request error handling triggers server crash in Vapor
2023-10-0517:41:38
CWE-696
CWE-231
CWE-617
GitHub_M
www.cve.org
4
cve-2023-44386
http web framework
swift
vapor
denial of service
vulnerability
http parse error
fix
release 4.84.2
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
27.3%
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
CNA Affected
[
{
"vendor": "vapor",
"product": "vapor",
"versions": [
{
"version": ">= 4.83.2, < 4.84.2",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-44386
2023-10-05 18:15:12
github
github
Vapor's incorrect request error handling triggers server crash
2023-10-05 20:55:58
gitlab
gitlab
Vapor's incorrect request error handling triggers server crash
2023-10-05 00:00:00
osv
osv
Vapor's incorrect request error handling triggers server crash
2023-10-05 20:55:58
CVE-2023-44386
2023-10-05 18:15:12
vulnrichment
vulnrichment
prion
prion
Denial of service
2023-10-05 18:15:00
cve
cve
CVE-2023-44386
2023-10-05 18:15:12
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
0.001
Percentile
27.3%
Related for CVELIST:CVE-2023-44386