Design/Logic Flaw

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function headervalue. This vulnerability allows attackers to access sensitive information via a crafted HTTP request...

CVE-2022-38333

OpenWrt before v21.02.3 and OpenWrt v22.03.0-rc6 contain two skip loops in the header_value() function, leading to information disclosure via a crafted HTTP request. The vulnerability is described across multiple sources (NVD/Red Hat and related feeds) with a CVSS v3.1 base score of 7.5 (HIGH, Ne...