CVE-2022-24667 in swift-nio-http2
Summary
by MITRE • 02/10/2022
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered in place of an integer overflow: the arithmetic traps rather than wrapping.

A malicious HPACK header block could be sent on any of the HPACK-carrying frames in an HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending an HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack.

The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 parses the field block in memory-safe code and the crash is triggered in place of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks.

The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services.
The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time.
Analysis
by VulDB Data Team • 02/14/2022
The vulnerability described in CVE-2022-24667 represents a critical denial of service weakness affecting the swift-nio-http2 library, which is widely used in high-performance network applications written in Swift. This flaw exists within the HTTP/2 implementation's handling of HPACK-encoded header blocks, specifically in versions ranging from 1.0.0 to 1.19.1. The vulnerability stems from improper parsing logic that fails to adequately validate incoming header data, creating multiple entry points for malicious actors to exploit. According to CWE-129, this vulnerability manifests as an insufficient input validation issue, where the system does not properly validate the bounds of input data before processing it, leading to unpredictable behavior and system instability. The attack vector is particularly concerning because it can be executed by any peer connected to an HTTP/2 service, making it applicable to both client and server implementations that utilize this library.
The implementation errors within the HPACK decoder create a scenario where specially crafted header blocks trigger immediate process crashes: the parser's arithmetic traps where it would otherwise overflow, so the process terminates rather than continuing with a wrapped value. These malformed header blocks can be transmitted in any HPACK-carrying frame within an HTTP/2 connection, namely HEADERS and PUSH_PROMISE frames, which are fundamental components of HTTP/2 protocol communication. The vulnerability operates at the network protocol level, making it particularly dangerous because it requires minimal resources to execute effectively while delivering maximum impact. The attack's low resource requirements and high availability impact align with ATT&CK technique T1499.004, which describes network denial of service attacks that target availability by causing system failures or resource exhaustion. The fact that any connection peer can initiate this attack without special permissions means that both client and server implementations are equally vulnerable, creating a broad attack surface that affects numerous applications using the swift-nio-http2 library.
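The bug class behind this advisory, as an added illustration that is not swift-nio-http2's own code and does not reproduce its specific bugs: decoding an HPACK prefix-coded integer (RFC 7541 §5.1) from untrusted bytes with checked arithmetic, so a crafted continuation run produces a decode error the caller can fail the connection on, instead of the runtime trap on integer overflow described above. Rust's checked operations stand in for Swift's trapping arithmetic; the `HpackError` type and `decode_integer` name are assumptions for this example.

```rust
// Added illustration (not swift-nio-http2's code): decoding an HPACK
// prefix-coded integer (RFC 7541 §5.1) from untrusted bytes. Unchecked
// arithmetic here would overflow on a crafted continuation run; in a
// trapping runtime such as Swift that overflow becomes a process crash.
// The checked version returns an error the caller can handle instead.

#[derive(Debug, PartialEq)]
pub enum HpackError {
    /// Input ended before the integer was complete.
    Truncated,
    /// The encoded value does not fit in the result type.
    Overflow,
}

/// Decodes an integer whose low `prefix_bits` (1..=8) live in `buf[0]`.
/// Returns the value and the number of bytes consumed.
pub fn decode_integer(buf: &[u8], prefix_bits: u32) -> Result<(u64, usize), HpackError> {
    assert!((1..=8).contains(&prefix_bits), "HPACK prefixes are 1 to 8 bits");
    let first = *buf.first().ok_or(HpackError::Truncated)?;
    let max_prefix: u64 = (1u64 << prefix_bits) - 1;
    let mut value = u64::from(first) & max_prefix;
    if value < max_prefix {
        return Ok((value, 1)); // the whole value fits in the prefix
    }
    // Multi-byte form: 7-bit groups, least significant first, MSB = "more".
    let mut shift: u32 = 0;
    for (i, &b) in buf[1..].iter().enumerate() {
        if shift > 63 {
            // Another 7-bit group cannot fit in a u64: reject, don't wrap or trap.
            return Err(HpackError::Overflow);
        }
        let group = u64::from(b & 0x7f);
        let contribution = group.checked_mul(1u64 << shift).ok_or(HpackError::Overflow)?;
        value = value.checked_add(contribution).ok_or(HpackError::Overflow)?;
        if b & 0x80 == 0 {
            return Ok((value, i + 2)); // prefix byte plus i + 1 continuation bytes
        }
        shift += 7;
    }
    Err(HpackError::Truncated)
}

fn main() {
    // RFC 7541 C.1.2: 1337 with a 5-bit prefix encodes as 1f 9a 0a.
    println!("{:?}", decode_integer(&[0x1f, 0x9a, 0x0a], 5));
    // Constructed input: a run of continuation bytes too long for any u64.
    let crafted: Vec<u8> = std::iter::once(0xff).chain(std::iter::repeat(0x80).take(11)).collect();
    println!("{:?}", decode_integer(&crafted, 8));
}
```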
The operational impact of this vulnerability extends beyond simple service disruption, as the immediate crashes can violate invariants the service relies on and so lead to additional security risks. While the primary risk is availability, the sudden process termination can create error conditions that might compromise confidentiality or integrity, particularly in complex services where process state management is critical. The fix rewrites the core parsing code to correctly handle all edge cases and conditions that previously led to crashes, demonstrating the importance of robust input validation in network protocol implementations. The vulnerability was initially discovered through automated fuzzing by oss-fuzz, highlighting the effectiveness of continuous security testing in identifying protocol-level weaknesses, while additional related bugs were found through code audit, indicating that this was not an isolated incident but rather a systemic parsing issue that required comprehensive review and remediation.
Mitigation strategies for this vulnerability focus primarily on preventing untrusted peers from establishing connections to affected services, though this approach is not universally applicable given that many HTTP/2 deployments must accept connections from unknown parties. The remediation effort involved a complete rewrite of the parsing logic to ensure proper handling of all HPACK encoding conditions, a significant improvement over the previous implementation, which contained multiple mishandled parsing edge cases. This vulnerability underscores the critical importance of proper input validation in network protocol libraries, particularly those handling compressed header data where malformed inputs can quickly lead to system instability. The attack demonstrates how seemingly minor parsing flaws in protocol implementations can have major consequences for service availability and, in some cases, potentially introduce additional security risks through process state corruption. Organizations using swift-nio-http2 should prioritize upgrading to versions that contain the patched implementation, as the vulnerability affects a fundamental network communication component that is widely deployed across various applications and services.