CVE-2023-44386

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-44386

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44386.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-44386

Aliases

GHSA-3mwq-h3g6-ffhm

Published

2023-10-05T17:41:38Z

Modified

2025-10-22T18:39:26.029055Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Incorrect request error handling triggers server crash in Vapor

Details

Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.

Database specific

{
    "cwe_ids": [
        "CWE-231",
        "CWE-617",
        "CWE-696"
    ]
}

References

Affected packages

Git / github.com/vapor/vapor

Affected ranges

Type: GIT
Repo: https://github.com/vapor/vapor
Events: Introduced

1f2b44b1739ff5cdec6c6dfec40020f5d4b2a813

Fixed

090464a654b03148b139a81f8f5ac63b0856f6f3

Affected versions

4.*

4.83.2

4.84.0

4.84.1