CVE-2022-31005 — Integer Overflow or Wraparound in Vapor

CWE-190 — Integer Overflow or Wraparound3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vapor Github.com Vapor Vapor

Timeline

PublishedMay 31

Latest updateJun 7

Description

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDvapor/vapor< 4.60.3

▶SwiftURLgithub.com/vapor_vapor< 4.60.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware↗2023-06-07

▶

GHSA

Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware↗2023-06-07

▶