CVE-2023-44386

CVSS V2 None CVSS V3 None

Description

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

Overview

CVE ID
CVE-2023-44386

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-10-05T17:41:38.379Z

Last Modified Date
2023-10-05T17:41:38.379Z

Weakness Enumerations

CWE	URL
CWE-231	http://cwe.mitre.org/data/definitions/231.html
CWE-617	http://cwe.mitre.org/data/definitions/617.html
CWE-696	http://cwe.mitre.org/data/definitions/696.html

References

Reference URL	Reference Tags
https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm	x_refsource_CONFIRM
https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3	x_refsource_MISC
https://github.com/vapor/vapor/releases/tag/4.84.2	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-44386
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44386

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 12:26:58				Added to TrackCVE