130 matches found
CVE-2022-38667
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
Crlf injection
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...
CVE-2023-26142
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...
CVE-2023-26142
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and addheader functions. An attacker can add the \r\n carriage return line feeds...
CVE-2023-26142
The CVE-2023-26142 entry concerns the Crow C++ microframework. Affected component: header construction in set_header/add_header; root cause: HTTP Response Splitting due to inadequate sanitization against CRLF injection. Impact (as described): an attacker can inject CRLF sequences to terminate hea...
Crow Injection Vulnerability
Crow is a C++ microframework for running Web services. A security vulnerability exists in Crow that stems from vulnerability to HTTP response splitting when header values are constructed using untrusted user input, and header values in the setheader and addheader functions are not properly cleane...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Overview Affected versions of this package are vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the setheader and...
The vulnerability of the Crow web service framework relates to the lack of protection for service-related data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Crow web service creation framework is related to the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Crow web service framework relates to the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Crow web service creation framework relates to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2022-38668
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...
CVE-2022-38668
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...
CVE-2022-38667
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
CVE-2022-38667
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
Design/Logic Flaw
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
Design/Logic Flaw
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...
CVE-2022-38667
CVE-2022-38667 affects Crow HTTP applications up to and including 1.0+4. The issue is a Use-After-Free that can lead to code execution when HTTP pipelining is used. The root cause is that the HTTP parser supports pipelining, but the asynchronous Connection layer does not track the progression of ...
CVE-2022-38667
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
CVE-2022-38667
HTTP applications servers based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it ha...
CVE-2022-38668
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...
CVE-2022-38668
HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...