CVE-2022-31005 HIGH

CVE-2022-31005: Integer Overflow in Vapor's HTTP Range Request

Vendor Vapor
Product vapor
Weakness CWE-190
Published May 31, 2022
Last update April 22, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.

Key dates

02Disclosure timeline

May 31, 2022 CVE published
April 22, 2025 Record updated