CVE-2022-38667

Name of the Vulnerable Software and Affected Versions Crow versions through 1.0+4

Description The issue is related to HTTP applications based on Crow, where the use of HTTP pipelining can lead to a Use-After-Free condition, potentially allowing code execution. This occurs because the asynchronous Connection layer is unaware of HTTP pipelining, specifically that it has begun processing a later request before finishing an earlier one. The vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Crow versions through 1.0+4, consider disabling HTTP pipelining as a temporary workaround to minimize the risk of exploitation. Restrict access to the HTTP parser to prevent the use of HTTP pipelining until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.