Vulnerability-Lookup

CVE-2024-21631 (GCVE-0-2024-21631)

Vulnerability from cvelistv5 – Published: 2024-01-03 16:55 – Updated: 2024-09-18 17:28

Title

Integer overflow in URI leading to potential host spoofing

Summary

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-20 - Improper Input Validation
CWE-190 - Integer Overflow or Wraparound
CWE-1104 - Use of Unmaintained Third Party Components

Assigner

GitHub_M

References

URL

Tags

	https://github.com/vapor/vapor/security/advisorie…	x_refsource_CONFIRM
	https://github.com/vapor/vapor/commit/6db3d917b5c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	vapor	vapor	Affected: < 4.90.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
          },
          {
            "name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vapor",
            "vendor": "vapor",
            "versions": [
              {
                "lessThan": "4.90.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vapor",
            "vendor": "vapor",
            "versions": [
              {
                "lessThan": "pkg:swift/github.com/vapor/vapor@4.90.0",
                "status": "affected",
                "version": "pkg:swift/github.com/vapor/vapor@0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21631",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-03T19:21:44.394603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:28:33.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vapor",
          "vendor": "vapor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.90.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1104",
              "description": "CWE-1104: Use of Unmaintained Third Party Components",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-03T16:55:02.356Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
        },
        {
          "name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
        }
      ],
      "source": {
        "advisory": "GHSA-r6r4-5pr8-gjcp",
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in URI leading to potential host spoofing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21631",
    "datePublished": "2024-01-03T16:55:02.356Z",
    "dateReserved": "2023-12-29T03:00:44.954Z",
    "dateUpdated": "2024-09-18T17:28:33.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp\", \"name\": \"https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70\", \"name\": \"https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:35.780Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21631\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-03T19:21:44.394603Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*\"], \"vendor\": \"vapor\", \"product\": \"vapor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.90.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*\"], \"vendor\": \"vapor\", \"product\": \"vapor\", \"versions\": [{\"status\": \"affected\", \"version\": \"pkg:swift/github.com/vapor/vapor@0\", \"lessThan\": \"pkg:swift/github.com/vapor/vapor@4.90.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T16:12:29.182Z\"}}], \"cna\": {\"title\": \"Integer overflow in URI leading to potential host spoofing\", \"source\": {\"advisory\": \"GHSA-r6r4-5pr8-gjcp\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"vapor\", \"product\": \"vapor\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.90.0\"}]}], \"references\": [{\"url\": \"https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp\", \"name\": \"https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70\", \"name\": \"https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1104\", \"description\": \"CWE-1104: Use of Unmaintained Third Party Components\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-03T16:55:02.356Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-21631\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-18T17:28:33.910Z\", \"dateReserved\": \"2023-12-29T03:00:44.954Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-03T16:55:02.356Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2024-21631

Vulnerability from gsd - Updated: 2023-12-29 06:02

Details

Aliases

CVE-2024-21631

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-21631"
      ],
      "details": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\n",
      "id": "GSD-2024-21631",
      "modified": "2023-12-29T06:02:05.047352Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-21631",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vapor",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 4.90.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "vapor"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-190",
                "lang": "eng",
                "value": "CWE-190: Integer Overflow or Wraparound"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-1104",
                "lang": "eng",
                "value": "CWE-1104: Use of Unmaintained Third Party Components"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp",
            "refsource": "MISC",
            "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
          },
          {
            "name": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70",
            "refsource": "MISC",
            "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-r6r4-5pr8-gjcp",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D7A4A9F5-B5B1-480E-9922-AF35861D75AF",
                    "versionEndExcluding": "4.90.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\n"
          },
          {
            "lang": "es",
            "value": "Vapor es un framework web HTTP para Swift. Antes de la versi\u00f3n 4.90.0, la funci\u00f3n `vapor_urlparser_parse` de Vapor utiliza \u00edndices `uint16_t` al analizar los componentes de un URI, lo que puede causar desbordamientos de enteros al analizar entradas que no son de confianza. Esta vulnerabilidad no afecta a Vapor directamente, pero podr\u00eda afectar a las aplicaciones que dependen del tipo de URI para validar la entrada del usuario. El tipo URI se utiliza en varios lugares de Vapor. Un desarrollador puede decidir utilizar URI para representar una URL en su aplicaci\u00f3n (especialmente si esa URL luego se pasa al Cliente HTTP) y confiar en sus propiedades y m\u00e9todos p\u00fablicos. Sin embargo, es posible que el URI no pueda analizar correctamente una URL v\u00e1lida (aunque anormalmente larga), debido a que los rangos de cadenas se convierten a enteros de 16 bits. Un atacante puede utilizar este comportamiento para enga\u00f1ar a la aplicaci\u00f3n para que acepte una URL a un destino que no es de confianza. Al rellenar el n\u00famero de puerto con ceros, un atacante puede provocar un desbordamiento de enteros cuando se analiza la autoridad de la URL y, como resultado, falsificar el host. La versi\u00f3n 4.90.0 contiene un parche para este problema. Como workaround, valide la entrada del usuario antes de analizarla como URI o, si es posible, utilice las utilidades `URL` y `URLComponents` de Foundation."
          }
        ],
        "id": "CVE-2024-21631",
        "lastModified": "2024-01-10T18:40:48.587",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-03T17:15:12.790",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1104"
              },
              {
                "lang": "en",
                "value": "CWE-190"
              },
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-21631

Vulnerability from fkie_nvd - Published: 2024-01-03 17:15 - Updated: 2024-11-21 08:54

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70	Patch
security-advisories@github.com	https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp	Vendor Advisory

Impacted products

	Vendor	Product	Version
	vapor	vapor	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A4A9F5-B5B1-480E-9922-AF35861D75AF",
              "versionEndExcluding": "4.90.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.\n"
    },
    {
      "lang": "es",
      "value": "Vapor es un framework web HTTP para Swift. Antes de la versi\u00f3n 4.90.0, la funci\u00f3n `vapor_urlparser_parse` de Vapor utiliza \u00edndices `uint16_t` al analizar los componentes de un URI, lo que puede causar desbordamientos de enteros al analizar entradas que no son de confianza. Esta vulnerabilidad no afecta a Vapor directamente, pero podr\u00eda afectar a las aplicaciones que dependen del tipo de URI para validar la entrada del usuario. El tipo URI se utiliza en varios lugares de Vapor. Un desarrollador puede decidir utilizar URI para representar una URL en su aplicaci\u00f3n (especialmente si esa URL luego se pasa al Cliente HTTP) y confiar en sus propiedades y m\u00e9todos p\u00fablicos. Sin embargo, es posible que el URI no pueda analizar correctamente una URL v\u00e1lida (aunque anormalmente larga), debido a que los rangos de cadenas se convierten a enteros de 16 bits. Un atacante puede utilizar este comportamiento para enga\u00f1ar a la aplicaci\u00f3n para que acepte una URL a un destino que no es de confianza. Al rellenar el n\u00famero de puerto con ceros, un atacante puede provocar un desbordamiento de enteros cuando se analiza la autoridad de la URL y, como resultado, falsificar el host. La versi\u00f3n 4.90.0 contiene un parche para este problema. Como workaround, valide la entrada del usuario antes de analizarla como URI o, si es posible, utilice las utilidades `URL` y `URLComponents` de Foundation."
    }
  ],
  "id": "CVE-2024-21631",
  "lastModified": "2024-11-21T08:54:45.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-03T17:15:12.790",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-1104"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R6R4-5PR8-GJCP

Vulnerability from github – Published: 2024-01-03 21:44 – Updated: 2024-02-09 00:29

Summary

Vapor contains an integer overflow in URI leading to potential host spoofing

Details

Vapor's vapor_urlparser_parse function uses uint16_t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs.

This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input.

The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behaviour to trick the application into accepting a URL to an untrusted destination.

By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host.

Impact

Users attempting to treat untrusted input as a URI are vulnerable to a host spoofing attack due to an integer overflow.

Workarounds

Validate user input before parsing as a URI or, if possible, use Foundation's URL and URLComponents utilities.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.89.3"
      },
      "package": {
        "ecosystem": "SwiftURL",
        "name": "github.com/vapor/vapor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.90.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1104",
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T21:44:35Z",
    "nvd_published_at": "2024-01-03T17:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Vapor\u0027s `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI\u0027s components, which may cause integer overflows when parsing untrusted inputs.\n\nThis vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. \n\nThe URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behaviour to trick the application into accepting a URL to an untrusted destination.\n\nBy padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host.\n\n### Impact\nUsers attempting to treat untrusted input as a URI are vulnerable to a host spoofing attack due to an integer overflow.\n\n### Workarounds\nValidate user input before parsing as a URI or, if possible, use Foundation\u0027s `URL` and `URLComponents` utilities.",
  "id": "GHSA-r6r4-5pr8-gjcp",
  "modified": "2024-02-09T00:29:14Z",
  "published": "2024-01-03T21:44:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21631"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vapor/vapor"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Vapor contains an integer overflow in URI leading to potential host spoofing"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-21631 (GCVE-0-2024-21631)

GSD-2024-21631

FKIE_CVE-2024-21631

GHSA-R6R4-5PR8-GJCP

Impact

Workarounds

Tags

Sightings

Nomenclature