nvd-json-data-feeds/CVE-2022/CVE-2022-32xx/CVE-2022-3252.json

{
  "id": "CVE-2022-3252",
  "sourceIdentifier": "cve@forums.swift.org",
  "published": "2022-09-21T19:15:13.023",
  "lastModified": "2024-11-21T07:19:08.940",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub."
    },
    {
      "lang": "es",
      "value": "Una Detecci\u00f3n inapropiada de la descompresi\u00f3n completa del cuerpo HTTP SwiftNIO Extras proporciona un par de ayudantes para descomprimir de forma transparente los cuerpos de petici\u00f3n o respuesta HTTP recibidos. Estos dos objetos (HTTPRequestDecompressor y HTTPResponseDecompressor) fallaban al detectar cuando el cuerpo descomprimido era considerado completo. Si eran a\u00f1adidos datos basura al cuerpo del mensaje HTTP, el c\u00f3digo intentaba repetidamente descomprimir estos datos y fallaba. Esto conllevaba a un bucle infinito que no avanzaba, conllevando a un bloqueo del sistema y una denegaci\u00f3n de servicio. Este problema puede ser provocado por cualquier atacante capaz de enviar un mensaje HTTP comprimido. Lo m\u00e1s com\u00fan es que trate de servidores HTTP, ya que los mensajes HTTP comprimidos no pueden ser negociados para peticiones HTTP, pero es posible que los usuarios hayan configurado la descompresi\u00f3n para peticiones HTTP tambi\u00e9n. El ataque es de bajo esfuerzo, y es probable que sea alcanzado sin requerir ning\u00fan privilegio o acceso al sistema. El impacto en la disponibilidad es alto: el proceso es convertido inmediatamente en no disponible pero no es bloqueado inmediatamente, lo que significa que es posible que el proceso permanezca en este estado hasta que un administrador intervenga o sea disparado un interruptor autom\u00e1tico. Si no es controlado, este problema agotar\u00e1 muy lentamente los recursos de memoria debido a una asignaci\u00f3n repetida de b\u00faferes, pero \u00e9stos no son escritos, por lo que es posible que los procesos no terminen durante bastante tiempo. Este riesgo puede mitigarse al eliminar la descompresi\u00f3n transparente de mensajes HTTP. El problema es corregido al detectar correctamente la terminaci\u00f3n del cuerpo comprimido seg\u00fan lo informado por zlib y rechazando la descompresi\u00f3n de m\u00e1s datos. El problema fue encontrado por Vojtech Rylko (https://github.com/vojtarylko) y reportado p\u00fablicamente en GitHub"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@forums.swift.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-606"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apple:swift-nio-extras:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "1.9.2",
              "matchCriteriaId": "EB045F47-B2BF-4C6C-900B-D6C786F83579"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apple:swift-nio-extras:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.10.0",
              "versionEndExcluding": "1.10.3",
              "matchCriteriaId": "1E86162E-DB9D-4839-B708-55BD627497F1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apple:swift-nio-extras:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.11.0",
              "versionEndExcluding": "1.14.0",
              "matchCriteriaId": "1AB7C1E5-11E4-437F-8596-5EA111CFFEAD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/apple/swift-nio-extras/security/advisories/GHSA-773g-x274-8qmf",
      "source": "cve@forums.swift.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/apple/swift-nio-extras/security/advisories/GHSA-773g-x274-8qmf",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}