
CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Improper detection of complete HTTP body decompression

SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message.

• https://github.com/apple/swift-nio-extras/security/advisories/GHSA-773g-x274-8qmf
• CWE-606: Unchecked Input for Loop Condition
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')