How severe is CVE-2023-29197?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-29197?

This is classified as CWE-436, which is a common weakness in software security.

CVE-2023-29197 - HIGH Severity | CVSS 7.5

Vulnerability Description

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.

Related Vulnerabilities

CVE-2019-17596

HIGH

CVSS:7.5(High)

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t...

CWE-4362019

CVE-2020-10193

HIGH

CVSS:7.5(High)

ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Secur...

CWE-4362020

CVE-2021-39137

HIGH

CVSS:7.5(High)

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse...

CWE-4362021

CVE-2022-23773

HIGH

CVSS:7.5(High)

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able ...

CWE-4362022

CVE-2022-48230

HIGH

CVSS:7.5(High)

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS.

CWE-4362022

CVE-2022-48261

HIGH

CVSS:7.5(High)

There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal.

CWE-4362022