Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:57 p.m.19 views

CVE-2022-38667

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.8CVSS7.5AI score0.02133EPSS
Exploits1References1
Prion
Prion
added 2023/09/12 5:15 a.m.23 views

Crlf injection

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...

5.8CVSS6.5AI score0.0045EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/09/12 5:0 a.m.19 views

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...

6.5CVSS7.4AI score0.0045EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/09/12 5:0 a.m.36 views

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...

6.5CVSS6.8AI score0.0045EPSS
Exploits1References2
CVE
CVE
added 2023/09/12 5:0 a.m.72 views

CVE-2023-26142

The CVE-2023-26142 entry concerns the Crow C++ microframework. Affected component: header construction in set_header/add_header; root cause: HTTP Response Splitting due to inadequate sanitization against CRLF injection. Impact (as described): an attacker can inject CRLF sequences to terminate hea...

6.5CVSS6.4AI score0.0045EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.7 views

Crow Injection Vulnerability

Crow is a C++ microframework for running Web services. A security vulnerability exists in Crow that stems from vulnerability to HTTP response splitting when header values are constructed using untrusted user input, and header values in the setheader and addheader functions are not properly cleane...

6.5CVSS6.7AI score0.0045EPSS
Exploits1References3
Snyk
Snyk
added 2023/06/05 10:32 a.m.4 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Overview Affected versions of this package are vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and...

6.5CVSS6.4AI score0.0045EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.7 views

The vulnerability of the Crow web service framework relates to the lack of protection for service-related data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Crow web service creation framework is related to the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.01111EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.11 views

The vulnerability of the Crow web service framework relates to the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of the Crow web service creation framework relates to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.02133EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/22 8:15 p.m.8 views

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

7.5CVSS5.8AI score0.01111EPSS
Exploits1References4
NVD
NVD
added 2022/08/22 8:15 p.m.33 views

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

7.5CVSS0.01111EPSS
Exploits1References3
NVD
NVD
added 2022/08/22 8:15 p.m.36 views

CVE-2022-38667

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.8CVSS0.02133EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/08/22 8:15 p.m.4 views

CVE-2022-38667

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.8CVSS6.2AI score0.02133EPSS
Exploits1References5
Prion
Prion
added 2022/08/22 8:15 p.m.14 views

Design/Logic Flaw

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

7.5CVSS9.6AI score0.02133EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/08/22 8:15 p.m.13 views

Design/Logic Flaw

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

5CVSS7.6AI score0.01111EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/08/22 7:7 p.m.73 views

CVE-2022-38667

CVE-2022-38667 affects Crow HTTP applications up to and including 1.0+4. The issue is a Use-After-Free that can lead to code execution when HTTP pipelining is used. The root cause is that the HTTP parser supports pipelining, but the asynchronous Connection layer does not track the progression of ...

9.8CVSS9.6AI score0.02133EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/08/22 7:7 p.m.37 views

CVE-2022-38667

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.9AI score0.02133EPSS
Exploits1References4
OSV
OSV
added 2022/08/22 7:7 p.m.24 views

CVE-2022-38667

HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...

9.8CVSS7.4AI score0.02133EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/08/22 7:6 p.m.40 views

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

7.8AI score0.01111EPSS
Exploits1References3
OSV
OSV
added 2022/08/22 7:6 p.m.28 views

CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

7.5CVSS6.8AI score0.01111EPSS
Exploits1References5
Rows per page
Query Builder