Description
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.
References (4)
Core 4
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://cwe.mitre.org/data/definitions/372.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/CrowCpp/Crow/pull/524
Exploit, Third Party Advisory x_refsource_misc
https://github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.md
Exploit, Third Party Advisory x_refsource_misc
https://gynvael.coldwind.pl/?id=753
Scores
CVSS v3
9.8
EPSS
0.0311
EPSS Percentile
86.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
crowcpp/crow
< 1.0\+4
Published
Aug 22, 2022
Tracked Since
Feb 18, 2026