PT-2022-22466 · Crow · Crow
Dejan Alvadzijevic
·
Published
2022-08-04
·
Updated
2022-08-10
·
CVE-2022-34970
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Crow versions prior to 1.0+4
Description
The issue is a heap-based buffer overflow that occurs via the function
qs parse in query string.h. This allows attackers to remotely execute arbitrary code in the context of the vulnerable service.Recommendations
For Crow versions prior to 1.0+4, update to version 1.0+4 or later to resolve the issue. As a temporary workaround, consider restricting access to the
qs parse function in query string.h to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Crow