CVE-2022-31019
Published: 2022-06-09
Priority: P3 (41)
CVSS 3.1: 7.5 (High), vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.49% (70.9th percentile)
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding, an attacker can craft a request body that makes the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker-controlled stack growth, which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | vapor_vapor | >= 0 < 4.61.1 | 4.61.1 |
| vapor | vapor | < 4.61.1 | 4.61.1 |
CVSS provenance
NVD CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
NVD CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
GHSA
Vapor vulnerable to denial of service in URLEncodedFormDecoder
ghsa·2023-06-07
CVE-2022-31019 [HIGH] CWE-120 Vapor vulnerable to denial of service in URLEncodedFormDecoder
Vapor is an HTTP web framework for Swift. Vapor versions earlier than 4.61.1 are vulnerable to a denial of service in the URLEncodedFormDecoder.
### Impact
When using automatic content decoding, e.g.
```swift
app.post("foo") { request -> String in
    let foo = try request.content.decode(Foo.self)
    return "\(foo)"
}
```
an attacker can craft a request body that makes the server crash with the following request:
```shell
curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo
```
The issue is unbounded, attacker-controlled stack growth, which will at some point lead to a stack overflow.
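To show the defensive shape of a fix for this class of bug, here is an added Python example (not Vapor's code, and not a reproduction of the 4.61.1 patch) of a nested-key form decoder that enforces a nesting cap on the flat key before any structure is built and walks keys with a loop rather than recursion, so request-controlled depth can never become stack growth; `MAX_NESTING_DEPTH`, the helper names and the constructed `CRAFTED_BODY` are assumptions.

```python
from urllib.parse import unquote_plus

# Assumed cap on bracket nesting; choose a value that covers legitimate forms.
MAX_NESTING_DEPTH = 8

# Constructed sample with the shape of the advisory's curl payload:
# 'array' followed by 1100 repetitions of '[_0][0][array]'.
CRAFTED_BODY = "array" + "[_0][0][array]" * 1100 + "[string][_0]=hello%20world"

class NestingTooDeep(ValueError):
    """Raised when a key nests deeper than the configured cap."""

def split_key(key: str, max_depth: int = MAX_NESTING_DEPTH) -> list[str]:
    """Split 'array[_0][0][string]' into ['array', '_0', '0', 'string'].
    The cap is enforced on the flat key, before any nested structure exists,
    so request-controlled depth can never drive recursion or stack growth."""
    head, _, rest = key.partition("[")
    parts = [head]
    if rest:
        if not rest.endswith("]"):
            raise ValueError(f"malformed key: {key!r}")
        parts += rest[:-1].split("][")
    if any("[" in p or "]" in p for p in parts):
        raise ValueError(f"malformed key: {key!r}")
    if len(parts) > max_depth:
        raise NestingTooDeep(f"{len(parts)} levels exceeds cap of {max_depth}")
    return parts

def decode_form(body: str, max_depth: int = MAX_NESTING_DEPTH) -> dict:
    """Decode a URL-encoded body into nested dicts, walking keys iteratively."""
    result: dict = {}
    for pair in body.split("&"):
        if not pair:
            continue
        raw_key, _, raw_value = pair.partition("=")
        parts = split_key(unquote_plus(raw_key), max_depth)
        node = result
        for part in parts[:-1]:  # loop, not recursion: depth costs no stack
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"key conflict at {part!r}")
        node[parts[-1]] = unquote_plus(raw_value)
    return result

def is_rejected(body: str, max_depth: int = MAX_NESTING_DEPTH) -> bool:
    """True when the decoder refuses the body instead of processing it."""
    try:
        decode_form(body, max_depth)
    except ValueError:  # NestingTooDeep is a ValueError subclass
        return True
    return False
```

A rejected body should be answered with a 4xx response and logged; the key length and nesting depth make a useful detection signal for this kind of request.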
### Patches
Fixed in 4.61.1
### Workarounds
If
OSV
Vapor vulnerable to denial of service in URLEncodedFormDecoder
osv·2023-06-07
CVE-2022-31019 [HIGH] Vapor vulnerable to denial of service in URLEncodedFormDecoder
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-06-09