CVE-2023-44386

EPSS 0.05%
Veröffentlicht 05.10.2023 18:15:12
Zuletzt bearbeitet 21.11.2024 08:25:47
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vapor ≫ Vapor Version >= 4.83.2 < 4.84.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-231 Improper Handling of Extra Values

The product does not handle or incorrectly handles when more values are provided than expected.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-696 Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3

Patch

https://github.com/vapor/vapor/releases/tag/4.84.2

Release Notes

https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-44386

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-44386

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-44386

EUVD