Summary:
- CVE: CVE-2022-34970
- Version Affected: Crow versions prior to v1.0+4
- Vulnerability Type: Off-by-one buffer overrun
- Impact: Information Disclosure, Denial of Service, Remote Code Execution (hard to exploit)
- CVSS Score: 9.8 (Critical)

Vulnerability Details:
- Vulnerable Function:
- Exploit Condition: Occurs when there are more than 256 key-value pairs in the query string, causing to be incremented one time too many.

Exploitation and Potential Consequences:
- Remote Heap Manipulation: An attacker can potentially control memory after the buffer.
- Information Disclosure: Possible if the web service echoes URL query parameters.
- Denial of Service: Failed exploitation leads to the server crashing.
- Remote Code Execution: Under specific conditions, an attacker could manipulate the memory layout to achieve code execution.

Proposed Fix:
- Add a check to ensure can be incremented safely before the post-increment.

Proof of Concept Exploit:
- Python script to send a crafted request with 257 key-value pairs.

Timeline:
- 2022-06-26: Vulnerability discovered.
- 2022-06-27: Vulnerability report sent to maintainer and confirmed.
- 2022-06-28: Maintainer released a patch.
- 2022-07-29: Report published.
- 2022-08-04: CVE assigned.
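The fix the advisory proposes, shown in a hypothetical query-string parser with a fixed table of 256 key/value slots (this is added illustration, not Crow's code; `kMaxParams`, `QueryParams`, `parse_query` and `make_query` are assumed names). The bounds check before the post-increment is what keeps the 257th pair from writing one slot past the end of the arrays; the parser counts the surplus pairs instead of storing them.

```cpp
#include <cstddef>
#include <string>
#include <string_view>
#include <utility>

// Hypothetical fixed-size parameter table (not Crow's actual structure).
constexpr std::size_t kMaxParams = 256;

struct QueryParams {
    std::string_view keys[kMaxParams];
    std::string_view values[kMaxParams];
    std::size_t count = 0;   // pairs stored; indexes the next free slot
    std::size_t dropped = 0; // pairs rejected because the table was full
};

// Parse "a=1&b=2&..." into the table. Without the `count < kMaxParams`
// check, pair number 257 would be written to keys[256]/values[256],
// the off-by-one overrun the advisory describes.
QueryParams parse_query(std::string_view query) {
    QueryParams qp;
    std::size_t pos = 0;
    while (pos <= query.size()) {
        std::size_t amp = query.find('&', pos);
        if (amp == std::string_view::npos) amp = query.size();
        std::string_view pair = query.substr(pos, amp - pos);
        if (!pair.empty()) {
            std::size_t eq = pair.find('=');
            std::string_view key = pair.substr(0, eq);
            std::string_view val = (eq == std::string_view::npos)
                                       ? std::string_view{}
                                       : pair.substr(eq + 1);
            if (qp.count < kMaxParams) { // the bounds check the fix adds
                qp.keys[qp.count] = key;
                qp.values[qp.count] = val;
                ++qp.count;
            } else {
                ++qp.dropped;            // table full: record, do not write
            }
        }
        pos = amp + 1;
    }
    return qp;
}

// Constructed test input: n pairs "k0=v0&k1=v1&...".
std::string make_query(std::size_t n) {
    std::string q;
    for (std::size_t i = 0; i < n; ++i) {
        if (i) q += '&';
        q += "k" + std::to_string(i) + "=v" + std::to_string(i);
    }
    return q;
}

// Returns {stored, dropped} for a query with n pairs.
std::pair<std::size_t, std::size_t> parse_counts(std::size_t n) {
    std::string q = make_query(n);
    QueryParams qp = parse_query(q);
    return {qp.count, qp.dropped};
}
```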