PT-2023-29220 · Vapor · Vapor

T0Rchwo0D · Published 2023-10-05 · Updated 2023-10-11 · CVE-2023-44386

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Vapor versions prior to 4.84.2

Description

There is a denial of service issue impacting all users of affected versions of Vapor, an HTTP web framework for Swift. The HTTP1 error handler closed connections when HTTP parse errors occurred instead of passing them on. This issue causes immediate termination of the server process due to API misuse, resulting in an immediately recoverable service interruption. There is no corruption of process state and no risk of data leakage or unauthorized code execution.

Recommendations

For versions prior to 4.84.2, update to Vapor release 4.84.2 to resolve the issue. As a temporary workaround, consider implementing error handling mechanisms to prevent server process termination due to HTTP parse errors. However, the most effective solution is to update to the fixed version.
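
One way to check whether a project's `Package.resolved` pins a Vapor release older than 4.84.2, added here as an example that is not part of the advisory or the Vapor project. The function name `check_vapor` and both sample lock files are constructed for illustration, and the script assumes SwiftPM's lock-file layouts (format 1 with pins under `object`, formats 2 and 3 with pins at the top level).

```python
import json

FIXED = (4, 84, 2)  # first fixed Vapor release, per the advisory

# Constructed sample lock files (format 2 and format 1); revisions are placeholders.
SAMPLE_V2 = '''{"pins": [{"identity": "vapor", "kind": "remoteSourceControl",
  "location": "https://github.com/vapor/vapor.git",
  "state": {"revision": "<constructed>", "version": "4.84.1"}}], "version": 2}'''
SAMPLE_V1 = '''{"object": {"pins": [{"package": "vapor",
  "repositoryURL": "https://github.com/vapor/vapor.git",
  "state": {"branch": null, "revision": "<constructed>", "version": "4.84.2"}}]},
  "version": 1}'''


def _pins(doc):
    # Format 1 nests pins under "object"; formats 2 and 3 keep them at top level.
    return doc.get("object", {}).get("pins") or doc.get("pins") or []


def _core(version):
    # "4.84.1" -> (4, 84, 1); pre-release and build suffixes are ignored.
    core = version.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def check_vapor(resolved_text):
    """Return 'vulnerable', 'ok', 'unpinned' or 'absent' for the Vapor pin."""
    for pin in _pins(json.loads(resolved_text)):
        name = (pin.get("identity") or pin.get("package") or "").lower()
        if name != "vapor":
            continue
        version = pin.get("state", {}).get("version")
        if not version:
            # Branch or revision pin: the commit has to be reviewed by hand.
            return "unpinned"
        return "vulnerable" if _core(version) < FIXED else "ok"
    return "absent"


if __name__ == "__main__":
    for label, text in (("format 2", SAMPLE_V2), ("format 1", SAMPLE_V1)):
        print(label, check_vapor(text))
```

A result of `unpinned` means the dependency tracks a branch or a bare revision, so the version comparison does not apply and the pinned commit needs to be compared against the 4.84.2 release manually.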

Exploit

Fix

Assertion Failure

Weakness Enumeration

Related Identifiers

CVE-2023-44386
GHSA-3MWQ-H3G6-FFHM

Affected Products

Vapor