CVE-2023-26142
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-26142
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Crow 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Crow是一个用于运行 Web 服务的 C++ 微框架。 Crow 存在安全漏洞,该漏洞源于当使用不受信任的用户输入来构建标头值时,容易受到 HTTP 响应拆分的影响, set_header 和 add_header 函数中的标头值未针对 CRLF 注入进行正确清理,攻击者利用该漏洞可以添加 (回车换行符)字符来结束 HTTP 响应标头并注入恶意内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Crow | 0 ~ * | - |
II. Public POCs for CVE-2023-26142
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-26142
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-09-12 · 12 CVEs total
| CVE-2023-4918 | 8.8 HIGH | Plaintext storage of user password |
| CVE-2023-40218 | 2.0 LOW | SAMSUNG Exynos 输入验证错误漏洞 |
| CVE-2023-39150 | ConEmu 安全漏洞 | |
| CVE-2023-41013 | IceWarp 跨站脚本漏洞 | |
| CVE-2023-39637 | D-Link DIR-816 A2 命令注入漏洞 | |
| CVE-2023-27169 | Xpand IT Write-back manager 信任管理问题漏洞 | |
| CVE-2023-40834 | OpenCart 安全漏洞 | |
| CVE-2023-41423 | WordPress plugin Githuber MD 跨站脚本漏洞 | |
| CVE-2023-39073 | PowerShield SNMP Web Pro 安全漏洞 | |
| CVE-2022-47637 | XAMPP 安全漏洞 | |
| CVE-2023-40784 | DedeCMS 代码问题漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
Same weakness: CWE-113
- CVE-2026-42035
Axios: Header Injection via Prototype Pollution - CVE-2026-39971
Serendipity: Host Header Injection leads to SMTP header inje - CVE-2026-40175
Axios has Unrestricted Cloud Metadata Exfiltration via Heade - CVE-2026-34715
ewe Has Improper Neutralization of CRLF Sequences in HTTP He - CVE-2026-34520
AIOHTTP: C parser (llhttp) accepts null bytes and control ch
V. Comments for CVE-2023-26142
No comments yet