CVE-2022-34970

Critical

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this…

mitre·CWE-193·Published 2022-08-04

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

235 chars

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.

NVDen

235 chars

NVDes

279 chars

Crow versiones anteriores a 1.0+4 tiene un desbordamiento de búfer basado en heap a través de la función qs_parse en query_string.h. Si se explota con éxito, esta vulnerabilidad permite a los atacantes ejecutar remotamente código arbitrario en el contexto del servicio vulnerable

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H