CVE-2022-3212

Exploit

EPSS 0.8%
Veröffentlicht 14.09.2022 16:15:11
Zuletzt bearbeitet 21.11.2024 07:19:03
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

DoS in axum-core due to missing request size limit

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axum-core Project ≫ Axum-core SwPlatformrust Version < 0.2.8

Axum-core Project ≫ Axum-core Version0.3.0 Updaterc1 SwPlatformrust

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.8%	0.516

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
reefs@jfrog.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://research.jfrog.com/vulnerabilities/axum-core-dos/

Third Party Advisory

Exploit

https://rustsec.org/advisories/RUSTSEC-2022-0055.html

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-3212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3212

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-3212