Integer Overflow or Wraparound Affecting github.com/vapor/vapor package, versions <4.90.0


Severity

medium

CVSS assessment made by Snyk's Security Team

Threat Intelligence

EPSS: 0.04% (14th percentile)

  • Snyk ID SNYK-SWIFT-VAPORVAPOR-6143589
  • published 4 Jan 2024
  • disclosed 3 Jan 2024
  • credit Nicolas Bachschmidt

How to fix?

Upgrade vapor/vapor to version 4.90.0 or higher.

Overview

vapor/vapor is a server-side Swift HTTP web framework.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the vapor_urlparser_parse function. An attacker can spoof the host by padding the port number with zeros, causing an integer overflow when the URL authority is parsed.
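As an added illustration of the mitigation side, constructed here and not vapor's own vapor_urlparser_parse code: a bounded parser for the "host[:port]" part of a URL authority that keeps every length in size_t and refuses an over-long or out-of-range port field before doing any arithmetic, so a port padded with a long run of zeros cannot push a counter past its width. MAX_PORT_DIGITS and the function names are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example for this advisory, not vapor's vapor_urlparser_parse:
 * a bounded parser for the "host[:port]" form of a URL authority.
 * MAX_PORT_DIGITS is an assumption made here. Every length stays in size_t
 * (never narrowed to a 16-bit field) and the port field is bounded before
 * any arithmetic, so a port padded with a long run of zeros is refused
 * rather than allowed to wrap a counter. */

#define MAX_PORT_DIGITS 5   /* "65535" is the longest legitimate port */

/* On success returns 0 and sets *host_len and *port (-1 when absent);
 * returns -1 when the authority is rejected. */
int parse_authority(const char *s, size_t n, size_t *host_len, int *port)
{
    const char *colon = memchr(s, ':', n);
    *host_len = colon ? (size_t)(colon - s) : n;
    *port = -1;
    if (*host_len == 0)                 /* an empty host is never valid */
        return -1;
    if (colon == NULL)
        return 0;

    const char *p = colon + 1, *end = s + n;
    size_t port_len = (size_t)(end - p);
    /* Bound the field BEFORE converting it. Stricter than RFC 3986's
     * port = *DIGIT on purpose: "000000000000080" is refused outright. */
    if (port_len == 0 || port_len > MAX_PORT_DIGITS)
        return -1;

    unsigned long v = 0;
    for (; p < end; p++) {
        if (*p < '0' || *p > '9')
            return -1;
        v = v * 10 + (unsigned long)(*p - '0');
        if (v > 0xffffUL)               /* 65535 is the largest port */
            return -1;
    }
    *port = (int)v;
    return 0;
}

/* Wrapper over NUL-terminated input: the port, -1 if the authority has
 * none, -2 if it was rejected. */
int authority_port(const char *s)
{
    size_t host_len; int port;
    return parse_authority(s, strlen(s), &host_len, &port) == 0 ? port : -2;
}
```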

CVSS Scores

version 3.1

Snyk

Recommended
6.5 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    High
  • Availability (A)
    None

NVD

6.5 medium