{"id":"CVE-2023-52266","details":"ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this.","modified":"2026-04-12T09:09:23.635256Z","published":"2023-12-31T00:15:44.440Z","references":[{"type":"FIX","url":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766"},{"type":"EVIDENCE","url":"https://github.com/hongliuliao/ehttp/issues/38"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hongliuliao/ehttp","events":[{"introduced":"0"},{"last_affected":"fecabdc4a01897c126df324fc001b57bf8e94ef5"},{"fixed":"17405b975948abc216f6a085d2d027ec1cfd5766"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0.6"}]}}],"versions":["1.0.1","1.0.2","1.0.3","1.0.3-fix","1.0.4","1.0.5","1.0.6","bio_version"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52266.json","vanir_signatures_modified":"2026-04-12T09:09:23Z","vanir_signatures":[{"source":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766","signature_type":"Function","deprecated":false,"digest":{"length":736,"function_hash":"73602595406765603495895243458529999594"},"signature_version":"v1","id":"CVE-2023-52266-4a636073","target":{"file":"src/sim_parser.cpp","function":"Request::parse_request"}},{"source":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766","signature_type":"Function","deprecated":false,"digest":{"length":677,"function_hash":"93877066501049313000888507392004009704"},"signature_version":"v1","id":"CVE-2023-52266-8d009e71","target":{"file":"src/epoll_socket.cpp","function":"EpollSocket::handle_readable_event"}},{"source":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["97078807774778642258282973658459630335","338064464938120916455642639290206514037","274913430948339487223909751919153920503","152853396008199110312237658894110687106"]},"signature_version":"v1","id":"CVE-2023-52266-a66d2add","target":{"file":"src/sim_parser.cpp"}},{"source":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766","signature_type":"Function","deprecated":false,"digest":{"length":256,"function_hash":"31465679358294368451393686241417280189"},"signature_version":"v1","id":"CVE-2023-52266-bcea52ce","target":{"file":"src/epoll_socket.cpp","function":"read_func"}},{"source":"https://github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["329241973833385240603699716665315814897","112175492930112887238917383991016779289","288691531011773280941275128769726435664","253932568007561709924862045390154546888","90885647615834147087855771394769476914","20238336541240907050694021874287316153","85229494304821332111168579485102171358","18689021168757126544170751874331136107","133910018089163050764349913131236699907","16216665604355755383291786654020254619","302957446397306479393092314695632629083"]},"signature_version":"v1","id":"CVE-2023-52266-d4e314c9","target":{"file":"src/epoll_socket.cpp"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}