CVE-2022-31019 - OpenCVE

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Vapor	Vapor

Configuration 1 [-]

cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033	Exploit Patch Third Party Advisory
https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg	Mitigation Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-06-06T21:05:20

Updated: 2022-06-06T21:05:20

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31019

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-09T13:15:08.393

Modified: 2023-06-29T14:43:50.480

Link: CVE-2022-31019

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "vapor", "vendor": "vapor", "versions": [{"status": "affected", "version": "< 4.61.1"}]}], "descriptions": [{"lang": "en", "value": "Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d \"array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world\" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-06T21:05:20", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033"}], "source": {"advisory": "GHSA-qvxg-wjxc-r4gg", "discovery": "UNKNOWN"}, "title": "DoS Vulnerability in URLEncodedFormDecoder in Vapor", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31019", "STATE": "PUBLIC", "TITLE": "DoS Vulnerability in URLEncodedFormDecoder in Vapor"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "vapor", "version": {"version_data": [{"version_value": "< 4.61.1"}]}}]}, "vendor_name": "vapor"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d \"array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world\" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg", "refsource": "CONFIRM", "url": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg"}, {"name": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033", "refsource": "MISC", "url": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033"}]}, "source": {"advisory": "GHSA-qvxg-wjxc-r4gg", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31019", "datePublished": "2022-06-06T21:05:20", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2022-06-06T21:05:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*", "matchCriteriaId": "C16F0CBC-8114-4D2C-A7CB-CA31A94FFD0E", "versionEndExcluding": "4.61.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d \"array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world\" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1."}, {"lang": "es", "value": "Vapor es un framework web Swift HTTP del lado del servidor. Cuando es usada la decodificaci\u00f3n autom\u00e1tica de contenido, un atacante puede dise\u00f1ar un cuerpo de petici\u00f3n que puede hacer que el servidor se bloquee con la siguiente petici\u00f3n: \"curl -d \"array[_0][0][array][_0][array]$(for f in $(seq 1100); do echo -n \"[_0][array]\"; done)[string][_0]=hello%20world\" http://localhost:8080/foo\". El problema es el crecimiento ilimitado de la pila, controlado por el atacante, que en alg\u00fan momento conllevar\u00e1 un desbordamiento de la pila y un bloqueo del proceso. Este problema ha sido corregido en versi\u00f3n 4.61.1"}], "id": "CVE-2022-31019", "lastModified": "2023-06-29T14:43:50.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-06-09T13:15:08.393", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/vapor/vapor/commit/6c63226a4ab82ce53730eb1afb9ca63866fcf033"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/vapor/vapor/security/advisories/GHSA-qvxg-wjxc-r4gg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Secondary"}]}