CVE-2023-44386

Summary

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

Affected Software

VendorProductVersion RangeStatus
vaporvapor>= 4.83.2, < 4.84.2affected

Weaknesses

  • CWE-231: CWE-231: Improper Handling of Extra Values
  • CWE-617: CWE-617: Reachable Assertion
  • CWE-696: CWE-696: Incorrect Behavior Order

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References