Home > Vulnerability Database > CVE-2022-35256

Mend.io Vulnerability Database

CVE-2022-35256

Good to know:

Date: December 4, 2022

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

Language: C

Severity Score

6.5

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35256

Url: https://access.redhat.com/security/cve/CVE-2022-35256

Url: https://security-tracker.debian.org/tracker/CVE-2022-35256

Url: https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Url: https://hackerone.com/reports/1675191

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-35256

Url: https://www.debian.org/security/2023/dsa-5326

Url: https://www.mend.io/vulnerability-database/CVE-2022-35256

Severity Score

6.5

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CWE-444

Top Fix

Upgrade Version

Upgrade to version v14.20.1,v16.17.1,v18.9.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35256

Good to know:

Date: December 4, 2022

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?