CVE-2019-8849 – github.com/apple/swift-nio-ssl

Package

Manager: swift
Name: github.com/apple/swift-nio-ssl
Vulnerable Version: >=2.0.0 <2.4.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00593 pctl0.68304

Details

SwiftNIO SSL arbitrary code execution vulnerability A SwiftNIO application using TLS may be able to execute arbitrary code. The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1.

Metadata

Created: 2022-05-24T17:04:41Z
Modified: 2025-08-04T14:23:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-frg3-gpcx-968f/GHSA-frg3-gpcx-968f.json
CWE IDs: []
Alternative ID: GHSA-frg3-gpcx-968f
Finding: F111
Auto approve: 1