Home > Vulnerability Database > CVE-2022-3409

Mend.io Vulnerability Database

CVE-2022-3409

Date: October 27, 2022

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.

Language: C++

Severity Score

7.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3409

Url: https://github.com/openbmc/bmcweb

Url: https://www.mend.io/vulnerability-database/CVE-2022-3409

Severity Score

7.5

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3409

Date: October 27, 2022

Language: C++

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?