{"id":"CVE-2022-31005","summary":"Integer Overflow in Vapor's HTTP Range Request","details":"Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network.","aliases":["GHSA-vj2m-9f5j-mpr5"],"modified":"2026-05-19T03:51:53.514675453Z","published":"2022-05-31T19:35:11Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31005.json","cwe_ids":["CWE-190"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/vapor/vapor/releases/tag/4.60.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31005.json"},{"type":"ADVISORY","url":"https://github.com/vapor/vapor/security/advisories/GHSA-vj2m-9f5j-mpr5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31005"},{"type":"FIX","url":"https://github.com/vapor/vapor/commit/953a349b539b3e0d3653585c8ffb50c427986df1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vapor/vapor","events":[{"introduced":"0"},{"fixed":"953a349b539b3e0d3653585c8ffb50c427986df1"}]}],"versions":["4.60.2","4.60.1","4.60.0","4.59.1","4.59.0","4.58.0","4.57.1","4.57.0","4.56.0","4.55.4","4.55.3","4.55.2","4.55.1","4.55.0","4.54.2","4.54.1","4.54.0","4.53.0","4.52.5","4.52.4","4.52.3","4.52.2","4.52.1","4.52.0","4.51.1","4.51.0","4.50.0","4.49.2","4.49.1","4.49.0","4.48.8","4.48.7","4.48.6","4.48.5","4.48.4","4.48.3","4.48.2","4.48.1","4.48.0","4.47.2","4.47.1","4.47.0","4.46.0","4.45.7","4.45.6","4.45.5","4.45.4","4.45.3","4.45.2","4.45.1","4.45.0","4.44.4","4.44.3","4.44.2","4.44.1","4.44.0","4.43.2","4.43.1","4.43.0","4.42.0","4.41.11","4.41.10","4.41.9","4.41.8","4.41.7","4.41.6","4.41.5","4.41.4","4.41.3","4.41.2","4.41.1","4.41.0","4.40.1","4.40.0","4.39.2","4.39.1","4.39.0","4.38.0","4.37.2","4.37.1","4.37.0","4.36.2","4.36.1","4.36.0","4.35.0","4.34.1","4.34.0","4.33.0","4.32.1","4.32.0","4.31.0","4.30.0","4.29.4","4.29.3","4.29.2","4.29.1","4.29.0","4.28.0","4.27.3","4.27.2","4.27.1","4.27.0","4.26.2","4.26.1","4.26.0","4.25.0","4.24.0","4.23.0","4.22.0","4.21.0","4.20.1","4.20.0","4.19.0","4.18.0","4.17.0","4.16.0","4.15.2","4.15.1","4.15.0","4.14.0","4.13.1","4.13.0","4.12.1","4.12.0","4.11.1","4.11.0","4.10.3","4.10.2","4.10.1","4.10.0","4.9.0","4.8.0","4.7.1","4.7.0","4.6.0","4.5.1","4.5.0","4.4.1","4.4.0","4.3.1","4.3.0","4.2.1","4.2.0","4.1.0","4.0.2","4.0.1","4.0.0","4.0.0-rc.3.12","4.0.0-rc.3.11","4.0.0-rc.3.10","4.0.0-rc.3.9","4.0.0-rc.3.8","4.0.0-rc.3.7","4.0.0-rc.3.6","4.0.0-rc.3.5","4.0.0-rc.3.4","4.0.0-rc.3.3","4.0.0-rc.3.2","4.0.0-rc.3.1","4.0.0-rc.3","4.0.0-rc.2.5","4.0.0-rc.2.4","4.0.0-rc.2.3","4.0.0-rc.2.2","4.0.0-rc.2.1","4.0.0-rc.2","4.0.0-rc.1.3","4.0.0-rc.1.2","4.0.0-rc.1.1","4.0.0-rc.1","4.0.0-beta.4.2","4.0.0-beta.4.1","4.0.0-beta.4","4.0.0-beta.3.25","4.0.0-beta.3.24","4.0.0-beta.3.23","4.0.0-beta.3.22","4.0.0-beta.3.21","4.0.0-beta.3.20","4.0.0-beta.3.19","4.0.0-beta.3.18","4.0.0-beta.3.17","4.0.0-beta.3.16","4.0.0-beta.3.12","4.0.0-beta.3.11","4.0.0-beta.3.10","4.0.0-beta.3.9","4.0.0-beta.3.8","4.0.0-beta.3.7","4.0.0-beta.3.6","4.0.0-beta.3.5","4.0.0-beta.3.4","4.0.0-beta.3.3","4.0.0-beta.3.2","4.0.0-beta.3.1","4.0.0-beta.3","4.0.0-beta.2.1","4.0.0-beta.2","4.0.0-beta.1","4.0.0-alpha.3.2","4.0.0-alpha.3.1.1","4.0.0-alpha.3.1","4.0.0-alpha.3","4.0.0-alpha.2.1","4.0.0-alpha.2","4.0.0-alpha.1.5.1","4.0.0-alpha.1.5","4.0.0-alpha.1.4","4.0.0-alpha.1.3","4.0.0-alpha.1.2","4.0.0-alpha.1.1","4.0.0-alpha.1","3.1.3","3.1.2","3.1.1","3.1.0","2.4.4","3.0.8","3.0.7","3.0.6","3.0.5","3.0.4","3.0.3","3.0.2","3.0.1","3.0.0","3.0.0-rc.2.8.1","3.0.0-rc.2.8","3.0.0-rc.2.7","3.0.0-rc.2.6","3.0.0-rc.2.5","3.0.0-rc.2.4.1","3.0.0-rc.2.4","3.0.0-rc.2.3","3.0.0-rc.2.2.4","3.0.0-rc.2.2.3","3.0.0-rc.2.2.2","3.0.0-rc.2.2.1","3.0.0-rc.2.2","3.0.0-rc.2.1","3.0.0-rc.2.0.2","3.0.0-rc.2.0.1","3.0.0-rc.2","3.0.0-rc.1.1","3.0.0-rc.1","2.4.3","2.4.2","2.4.1","2.4.0","2.3.0","2.2.2","2.2.1","2.2.0","2.1.3","2.1.2","2.1.1","2.1.0","2.0.8","2.0.7","2.0.6","2.0.5","2.0.4","2.0.3","2.0.2","2.0.1","2.0.0","2.0.0-beta.26","2.0.0-beta.25","2.0.0-beta.24","2.0.0-beta.23","2.0.0-beta.22","2.0.0-beta.21","2.0.0-beta.20","2.0.0-beta.19","2.0.0-beta.18","2.0.0-beta.17","2.0.0-beta.16","2.0.0-beta.15","2.0.0-beta.14","2.0.0-beta.13","2.0.0-beta.12","2.0.0-beta.10","2.0.0-beta.9","2.0.0-beta.8","2.0.0-beta.7","2.0.0-beta.6","2.0.0-beta.5","2.0.0-beta.4","2.0.0-beta.3","2.0.0-beta.2","2.0.0-beta.1","2.0.0-alpha.24","2.0.0-alpha.23","2.0.0-alpha.22","2.0.0-alpha.21","2.0.0-alpha.20","2.0.0-alpha.19","2.0.0-alpha.18","2.0.0-alpha.17","2.0.0-alpha.16","2.0.0-alpha.15","2.0.0-alpha.14","2.0.0-alpha.1","1.5.6","1.5.5","1.5.4","1.5.3","1.5.2","1.5.1","1.5.0","1.4.3","1.4.2","1.4.1","1.4.0","1.3.11","1.3.10","1.3.9","1.3.8","1.3.7","1.3.6","1.3.5","1.3.4","1.3.3","1.3.2","1.3.1","1.3.0","1.2.5","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0","1.1.13","1.1.12","1.1.11","1.1.8","1.1.10","1.1.9","1.1.7","1.1.6","1.1.5","1.1.4","1.1.3","1.1.2","1.1.1","1.1.0","1.0.3","1.0.2","1.0.1","1.0.0","0.18.0","0.17.2","0.17.1","0.17.0","0.16.1","0.16.2","0.16.0","0.15.3","0.15.2","0.15.1","0.15.0","0.14.0","0.13.0","0.12.3","0.12.2","0.12.1","0.12.0","0.11.1","0.11.0","0.10.0","0.9.2","0.9.1","0.9.0","0.8.2","0.8.1","0.8.0","0.7.1","0.7.0","0.6.0","0.5.3","0.5.2","0.5.1","0.5.0","0.4.2","0.4.1","0.4.0","0.3.5","0.3.4","0.3.3","0.3.2","0.3.1","0.3.0","0.2.10","0.2.9","0.2.8","0.2.7","0.2.6","0.2.5","0.2.4","0.2.3","0.2.2","0.2.1","0.2.0","0.1.9","0.1.8","0.1.7","0.1.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31005.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}