CVE Vulnerability

CVE-2022-38333

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 Mailing List Patch
https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 Mailing List Patch
https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 Mailing List Patch
Configurations

Configuration 1

cpe:2.3:a:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*
cpe:2.3:a:openwrt:openwrt:*:*:*:*:*:*:*:*
Information

Published : 2022-09-19 05:15

Updated : 2022-09-21 10:51

NVD link : CVE-2022-38333

Mitre link : CVE-2022-38333

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read

NVD-CWE-noinfo