PT-2022-4871 · Openwrt · Openwrt

Published: 2022-09-19 · Updated: 2023-05-24 · CVE-2022-38333

CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Openwrt versions prior to 21.02.3
Openwrt version 22.03.0-rc6

Description
A buffer overflow in the header value function allows a remote attacker who sends a specially crafted HTTP request to access sensitive, protected information.

Recommendations
For Openwrt versions prior to 21.02.3, update to version 21.02.3 or later. For Openwrt version 22.03.0-rc6, consider disabling the header value function until a patch is available. As a temporary workaround, restrict access to the vulnerable header value function to minimize the risk of exploitation.

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

BDU:2022-05995
CVE-2022-38333

Affected Products

Openwrt