CVE-2022-3212

Exploit

EPSS 0.27%
Veröffentlicht 14.09.2022 16:15:11
Zuletzt bearbeitet 21.11.2024 07:19:03
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axum-core Project ≫ Axum-core SwPlatformrust Version < 0.2.8

Axum-core Project ≫ Axum-core Version0.3.0 Updaterc1 SwPlatformrust

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.499

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
reefs@jfrog.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://research.jfrog.com/vulnerabilities/axum-core-dos/

Third Party Advisory

Exploit

https://rustsec.org/advisories/RUSTSEC-2022-0055.html

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-3212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3212

EUVD