CVE-2022-34970

EUVD-2022-37872
Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
crowcppcrow
𝑥
< 1.0\+4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cwe.mitre.org/data/definitions/193.html
https://github.com/0xhebi/CVE-2022-34970/blob/master/report.md
https://github.com/CrowCpp/Crow/pull/486
https://github.com/CrowCpp/Crow/releases/tag/v1.0%2B4
https://cwe.mitre.org/data/definitions/193.html
https://github.com/0xhebi/CVE-2022-34970/blob/master/report.md
https://github.com/CrowCpp/Crow/pull/486
https://github.com/CrowCpp/Crow/releases/tag/v1.0%2B4