Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38333

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

Published

2022-09-19T17:15:14.583

Last Modified

2024-11-21T07:16:16.637

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-125
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	openwrt	openwrt	< 21.02.3	Yes
Operating System	openwrt	openwrt	22.03.0	Yes

References

https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 ([email protected])
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 ([email protected])
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 ([email protected])
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 (af854a3a-2127-422b-91ae-364da2661108)
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 (af854a3a-2127-422b-91ae-364da2661108)
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 (af854a3a-2127-422b-91ae-364da2661108)