Vulnerability details: VCID-csae-bk8g-aaae
Vulnerability ID VCID-csae-bk8g-aaae
Aliases CVE-2022-35256
Summary The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json
epss 0.00260 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.03009 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.0309 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.03178 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.03548 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.03642 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.03745 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
epss 0.3271 https://api.first.org/data/v1/epss?cve=CVE-2022-35256
cvssv3.1 6.5 https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
cvssv3.1 9.1 https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
generic_textual CRITICAL https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://hackerone.com/reports/1675191
ssvc Track https://hackerone.com/reports/1675191
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35256
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-35256
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-35256
cvssv3.1 6.5 https://www.debian.org/security/2023/dsa-5326
cvssv3.1 9.1 https://www.debian.org/security/2023/dsa-5326
generic_textual CRITICAL https://www.debian.org/security/2023/dsa-5326
ssvc Track https://www.debian.org/security/2023/dsa-5326
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json
https://api.first.org/data/v1/epss?cve=CVE-2022-35256
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/1675191
https://www.debian.org/security/2023/dsa-5326
2130518 https://bugzilla.redhat.com/show_bug.cgi?id=2130518
977716 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977716
cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256
GLSA-202405-29 https://security.gentoo.org/glsa/202405-29
RHSA-2022:6963 https://access.redhat.com/errata/RHSA-2022:6963
RHSA-2022:6964 https://access.redhat.com/errata/RHSA-2022:6964
RHSA-2022:7044 https://access.redhat.com/errata/RHSA-2022:7044
RHSA-2022:7821 https://access.redhat.com/errata/RHSA-2022:7821
RHSA-2022:7830 https://access.redhat.com/errata/RHSA-2022:7830
RHSA-2023:0321 https://access.redhat.com/errata/RHSA-2023:0321
RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533
RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742
USN-6491-1 https://usn.ubuntu.com/6491-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://hackerone.com/reports/1675191
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/ Found at https://hackerone.com/reports/1675191
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35256
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35256
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5326
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.debian.org/security/2023/dsa-5326
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T13:21:44Z/ Found at https://www.debian.org/security/2023/dsa-5326
Exploit Prediction Scoring System (EPSS)
Percentile 0.66219
EPSS Score 0.00260
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.