CVE-2022-38333

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*
History

07 Nov 2023, 03:50

Type Values Removed Values Added
References
  • {'url': 'https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'name': 'https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'name': 'https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'name': 'https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • () https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 -
  • () https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 -
  • () https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 -

24 May 2023, 15:01

Type Values Removed Values Added
CPE cpe:2.3:a:openwrt:openwrt:*:*:*:*:*:*:*:*
cpe:2.3:a:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*		 cpe:2.3:o:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*

21 Sep 2022, 22:51

Type Values Removed Values Added
First Time Openwrt
Openwrt openwrt
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo
CWE-125
References (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=commit;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - Mailing List, Patch, Vendor Advisory
References (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=commitdiff;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - Mailing List, Patch, Vendor Advisory
References (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - (MISC) https://git.openwrt.org/?p=project/cgi-io.git;a=patch;h=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 - Mailing List, Patch, Vendor Advisory
CPE cpe:2.3:a:openwrt:openwrt:*:*:*:*:*:*:*:*
cpe:2.3:a:openwrt:openwrt:22.03.0:rc6:*:*:*:*:*:*

19 Sep 2022, 17:53

Type Values Removed Values Added
New CVE
Information

Published : 2022-09-19 17:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-38333

Mitre link : CVE-2022-38333

CVE.ORG link : CVE-2022-38333

JSON object : View

Products Affected

openwrt

  • openwrt
CWE
CWE-125

Out-of-bounds Read

NVD-CWE-noinfo