CVE-2023-22465

Source
https://cve.org/CVERecord?id=CVE-2023-22465
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22465.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22465
Aliases
Published
2023-01-04T15:30:04.129Z
Modified
2026-04-10T04:55:23.503567Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Http4s has fatal error parsing User-Agent and Server headers
Details

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a workaround, use the weakly typed header interface.

Database specific
{
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22465.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/http4s/http4s

Affected ranges

Type
GIT
Repo
https://github.com/http4s/http4s
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.1.0"
        },
        {
            "fixed": "0.21.34"
        }
    ]
}
Type
GIT
Repo
https://github.com/http4s/http4s
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.22.0"
        },
        {
            "fixed": "0.22.15"
        }
    ]
}
Type
GIT
Repo
https://github.com/http4s/http4s
Events
Database specific
{
    "versions": [
        {
            "introduced": "0.23.0"
        },
        {
            "fixed": "0.23.17"
        }
    ]
}
Type
GIT
Repo
https://github.com/http4s/http4s
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.0.0-M1"
        },
        {
            "fixed": "1.0.0-M38"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.17.0-M1
v0.18.0
v0.18.0-M1
v0.18.0-M2
v0.18.0-M3
v0.18.0-M4
v0.18.0-M5
v0.18.0-M6
v0.18.0-M7
v0.18.0-M8
v0.18.0-M9
v0.19.0
v0.19.0-M1
v0.19.0-M2
v0.19.0-M3
v0.2.0
v0.20.0
v0.20.0-M1
v0.20.0-M2
v0.20.0-M3
v0.20.0-M4
v0.20.0-M5
v0.20.0-M6
v0.20.0-M7
v0.20.0-RC1
v0.21.0
v0.21.0-M1
v0.21.0-M3
v0.21.0-M4
v0.21.0-M5
v0.21.0-M6
v0.21.0-RC1
v0.21.0-RC2
v0.21.0-RC3
v0.21.0-RC4
v0.21.0-RC5
v0.21.1
v0.21.11
v0.21.12
v0.21.13
v0.21.14
v0.21.15
v0.21.16
v0.21.18
v0.21.19
v0.21.20
v0.21.21
v0.21.22
v0.21.23
v0.21.25
v0.21.26
v0.21.27
v0.21.28
v0.21.3
v0.21.30
v0.21.31
v0.21.32
v0.21.33
v0.21.4
v0.21.5
v0.21.6
v0.21.7
v0.21.8
v0.21.9
v0.23.0
v0.23.0-M1
v0.23.1
v0.23.10
v0.23.11
v0.23.12
v0.23.13
v0.23.14
v0.23.15
v0.23.16
v0.23.2
v0.23.3
v0.23.5
v0.23.6
v0.23.7
v0.23.8
v0.23.9
v0.3.0
v0.5.0
v0.6.0
v0.7.0
v0.8.1
v0.9.0
v1.*
v1.0.0-M1
v1.0.0-M10
v1.0.0-M11
v1.0.0-M12
v1.0.0-M13
v1.0.0-M15
v1.0.0-M16
v1.0.0-M17
v1.0.0-M19
v1.0.0-M2
v1.0.0-M20
v1.0.0-M21
v1.0.0-M22
v1.0.0-M24
v1.0.0-M26
v1.0.0-M28
v1.0.0-M29
v1.0.0-M3
v1.0.0-M30
v1.0.0-M31
v1.0.0-M32
v1.0.0-M33
v1.0.0-M34
v1.0.0-M35
v1.0.0-M36
v1.0.0-M37
v1.0.0-M4
v1.0.0-M5
v1.0.0-M6
v1.0.0-M7
v1.0.0-M8
v1.0.0-M9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22465.json"