Vulnerability Details : CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
Products affected by CVE-2022-38333
- cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*
- cpe:2.3:o:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38333
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-38333
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-38333
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-38333
-
https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
Mailing List;Patch;Vendor Advisory
-
https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
git.openwrt.org Git - project/cgi-io.git/commitMailing List;Patch;Vendor Advisory
-
https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
git.openwrt.org Git - project/cgi-io.git/commitdiffMailing List;Patch;Vendor Advisory
Jump to