CVE-2022-34970

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-34970

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34970.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-34970

Published

2022-08-04T19:15:09.827Z

Modified

2025-11-14T13:24:38.259138Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Crow before 1.0+4 has a heap-based buffer overflow via the function qsparse in querystring.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service.

References

Affected packages

Git / github.com/crowcpp/crow

Affected ranges

Type: GIT
Repo: https://github.com/crowcpp/crow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62dae4cc32229e372bb81c0a20c19f2727345e71

Affected versions

0.*

0.2

v0.*

v0.1

v0.3

v1.*

v1.0

v1.0+1

v1.0+2

v1.0+3

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "qs_parse",
            "file": "include/crow/query_string.h"
        },
        "source": "https://github.com/crowcpp/crow/commit/62dae4cc32229e372bb81c0a20c19f2727345e71",
        "id": "CVE-2022-34970-6073f16d",
        "signature_version": "v1",
        "digest": {
            "function_hash": "336938383434325191902643563944787926562",
            "length": 657.0
        },
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "include/crow/query_string.h"
        },
        "source": "https://github.com/crowcpp/crow/commit/62dae4cc32229e372bb81c0a20c19f2727345e71",
        "id": "CVE-2022-34970-cfd24717",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "181069325050730614390994020731278716795",
                "102873384906716306407912897727626310214",
                "88213764132756482993718457627673947381",
                "156651280475791468279827093503004407029",
                "169940499544219386184258702819157697858",
                "159203152154726909533663750365906025093",
                "275499987689425730698452471984301144009",
                "278970894955859571642790026944179829431"
            ]
        },
        "deprecated": false,
        "signature_type": "Line"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-34970.json"