A vulnerability classified as problematic has been found in drogon up to 1.8.1. It affects unspecified functionality of the Session Hash Handler component. The manipulation leads to a small space of random values: the values this component produces are drawn from too few possibilities, which makes them easier to predict than intended. The attack may be launched remotely. Upgrading to version 1.8.2 addresses this issue. The patch is identified as commit c0d48da99f66aaada17bcd28b07741cac8697647. Upgrading the affected component is recommended. The identifier of this vulnerability is VDB-213464.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3959.json"
[
{
"target": {
"file": "lib/src/HttpResponseImpl.h"
},
"id": "CVE-2022-3959-9095d97b",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"218376967925115613644269826550484633892",
"260327737522388960055479777165320124184",
"207372786384201077771785176570323710350",
"215620307207450813845693505089259203785",
"73400419942714310003637671768999282296",
"130416446134980275635891850728418597442",
"225076829191020389789166636303435490487",
"41871524542694513177896761626326242549",
"14706816173359133170992993445307181151",
"333017276881914442881331887505444704808",
"281405154179161547059485031443929911767",
"278065490536607438706589607207278605736",
"112107245668854854900859663077611169417"
],
"threshold": 0.9
}
},
{
"target": {
"file": "lib/inc/drogon/utils/Utilities.h"
},
"id": "CVE-2022-3959-97874ffb",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"76209998393112354830324110360244048281",
"43800637824245733032192602159356521573",
"150468678283761223202829950411361585220"
],
"threshold": 0.9
}
},
{
"target": {
"file": "lib/inc/drogon/HttpResponse.h"
},
"id": "CVE-2022-3959-b39f3c34",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"152840637633075294120316310963739429861",
"88156389197358795228671654116912076568",
"77822527454127017690345047846049557960",
"264696298603923545830032259154810353605",
"144226667202953577240933752794174941185",
"104451712435070993847958731415963057437",
"206656084426631659886220880858533456698",
"280866987258999487715067739881677785627",
"219228021482802336432630746181962008151",
"292756744341648590230250377544216350451",
"50775120276147852725241185237435982865",
"237728775235719421854769173405526733387",
"213897175252919996928783809731070292278",
"209711279766486583952600670576977661913",
"130982972372362977956325089825977896851"
],
"threshold": 0.9
}
},
{
"target": {
"file": "lib/src/Utilities.cc"
},
"id": "CVE-2022-3959-cb6e8f35",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"320382204926226999819772602059607312713",
"335391923332883398951730313256478179123"
],
"threshold": 0.9
}
},
{
"target": {
"file": "lib/src/HttpRequestImpl.h"
},
"id": "CVE-2022-3959-cd1f953f",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"282726000710682709274061677780740268358",
"187133803759205768028696478550662114865",
"209870481018074076297265377986593569724",
"10753045353602919118547197019719077502",
"83073708652798657712680531533292744974",
"208459565641567152219277409754662204180",
"176664230261726559067645120558889316442",
"207372786384201077771785176570323710350",
"215620307207450813845693505089259203785",
"195033011363551262158937488366225478264",
"225850336942313276940426660185429756379",
"185037114518427595609286190755006464150",
"38288130366801840363548471760516122371",
"134846500785834523367978740179874587676",
"221969560057621243155286159483881433654",
"10292869191477186828278490479395893125",
"136917512994665175955047731461741631327",
"79972792956047269030388349951392438241",
"205766254510612232662320309267871735646"
],
"threshold": 0.9
}
},
{
"target": {
"file": "lib/inc/drogon/HttpRequest.h"
},
"id": "CVE-2022-3959-d4de7c52",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647",
"signature_version": "v1",
"digest": {
"line_hashes": [
"275007968800307477230470672173395354007",
"67154208861182964940106440067847391735",
"270283010426118782823344194624808099015",
"280866987258999487715067739881677785627",
"219228021482802336432630746181962008151",
"292756744341648590230250377544216350451",
"201890507373490698445799717686897207401",
"86750013451421309706258716558991994205",
"106810257846227859236798036248419322303",
"257864285837594738995905982729414276302",
"333153717580777679529067609137684212047",
"208575040254884243483299828535436571996",
"134447437137474793358607584490173663687",
"160332987866776651506834648448018410937",
"44422392096088292569701858519031785392",
"78877783222120300378317676867051524764",
"45403313521649435983925893231617632952",
"152417171483397786008380841474380767703"
],
"threshold": 0.9
}
}
]