Home > Vulnerability Database > CVE-2022-38667

Mend.io Vulnerability Database

CVE-2022-38667

Date: August 22, 2022

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.

Language: C++

Severity Score

9.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-38667

Url: https://github.com/CrowCpp/Crow/pull/524

Url: https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md

Url: https://gynvael.coldwind.pl/?id=753

Url: https://cwe.mitre.org/data/definitions/372.html

Url: https://www.mend.io/vulnerability-database/CVE-2022-38667

Severity Score

9.8

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-38667

Date: August 22, 2022

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?