6 matches found
CVE-2023-26142
The CVE-2023-26142 entry concerns the Crow C++ microframework. Affected component: header construction in set_header/add_header; root cause: HTTP Response Splitting due to inadequate sanitization against CRLF injection. Impact (as described): an attacker can inject CRLF sequences to terminate hea...
CVE-2022-34970
The CVE-2022-34970 entry affects Crow v1.0+4 and is caused by a heap-based overflow in the qs_parse function of query_string.h. On successful exploitation, remote code execution in the context of the vulnerable Crow service is possible. The Red Hat and OSV/NVD entries corroborate this description...
CVE-2022-38667
CVE-2022-38667 affects Crow HTTP applications up to and including 1.0+4. The issue is a Use-After-Free that can lead to code execution when HTTP pipelining is used. The root cause is that the HTTP parser supports pipelining, but the asynchronous Connection layer does not track the progression of ...
CVE-2021-23824
The CVE-2021-23824 entry concerns Crow (C/C++ micro-framework). Concrete details across connected sources show that Crow before 0.3+4 is vulnerable when rendering templates that interpolate attributes without quotes; an attacker can inject attributes to manipulate input, enabling Cross‑site Script...
CVE-2021-23514
CVE-2021-23514 affects Crow before 0.3+4. A path traversal flaw allows an attacker to traverse directories and fetch arbitrary files from the server via supported endpoints. The vulnerability is described across multiple sources (e.g., NVD/CVE entry; CNVD/CNNVD; Snyk references) as a directory tr...
CVE-2022-38668
CVE-2022-38668 affects HTTP applications based on Crow through 1.0+4, where serving a static file smaller than 16 KB may disclose potentially sensitive data from stack memory. The Red Hat and CVE aggregations mirror this description; no concrete exploit details or affected product versions beyond...