Critical severity9.8NVD Advisory· Published Aug 22, 2022· Updated Jun 17, 2026
CVE-2022-38667
CVE-2022-38667
Description
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Crow/HTTPdescription
Patches
Vulnerability mechanics
References
4- github.com/CrowCpp/Crow/pull/524nvdPatchThird Party Advisory
- github.com/0xhebi/CVEs/blob/main/Crow/CVE-2022-38667.mdnvdExploitThird Party Advisory
- gynvael.coldwind.plnvdExploitThird Party Advisory
- cwe.mitre.org/data/definitions/372.htmlnvdTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.