CVE-2022-1642
📋 TL;DR
A type mismatch vulnerability in Swift's JSONDecoder causes a deterministic crash when it decodes a JSON document that carries a floating-point value in a field whose Codable type is an integer. It affects Swift applications built on swift-corelibs-foundation, i.e. Swift on Linux and Windows; Darwin platforms use Apple's Foundation and are not affected. An attacker who can submit JSON to such an application can crash the endpoint that decodes it, giving a denial of service.
💻 Affected Systems
- Swift applications using swift-corelibs-foundation JSONDecoder
📦 What is this software?
Swift by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability through repeated crashes, potentially triggering cascading failures in dependent systems or violating service invariants.
Likely Case
Denial of service affecting specific endpoints that process JSON input, requiring service restarts and causing temporary downtime.
If Mitigated
No impact if patched or if using unaffected platforms (Darwin-based systems).
🎯 Exploit Status
Exploitation requires sending crafted JSON to vulnerable endpoints. The advisory includes technical details that make creating exploits straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Swift 5.6.2 for Linux and Windows
Vendor Advisory: https://github.com/apple/swift-corelibs-foundation/security/advisories/GHSA-239c-6cv2-wwx8
Restart Required: Yes
Instructions:
1. Update the Swift toolchain to version 5.6.2 or later.
2. Recompile all affected Swift applications.
3. Redeploy the updated applications to production.
🔧 Temporary Workarounds
Input validation wrapper
Implement custom JSON parsing with validation that rejects floating-point values in integer fields before the document is passed to JSONDecoder
Web application firewall rules
Block requests whose JSON contains floating-point values in fields that are expected to be integers
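Both workarounds come down to the same check: parse the body with a decoder that does not crash, and reject any floating-point literal at a path the Codable type declares as Int. As an added example that is not part of the advisory or of the Swift project, the following Python pre-filter could run in a reverse proxy or edge service in front of the Swift application; the field list and the Codable type it describes are constructed for illustration.

```python
"""Edge pre-filter for CVE-2022-1642: reject floating-point literals in JSON
fields that the downstream Swift Codable type declares as Int."""
import json
from typing import Any

# Constructed schema for a hypothetical Codable type: dotted paths of its
# Int-typed fields; "name[]" walks every element of an array under "name".
INTEGER_FIELDS = ["id", "quantity", "items[].count"]


def _walk(node: Any, parts: list, trail: list, problems: list) -> None:
    """Follow one schema path through the parsed document and record leaves
    whose JSON literal was floating-point (json.loads keeps 5 as int and
    5.0 / 5e0 / 5.5 as float, so an integral-looking 5.0 is still rejected)."""
    if not parts:
        if isinstance(node, float):
            problems.append(".".join(trail))
        return
    key, rest = parts[0], parts[1:]
    if key.endswith("[]"):
        name = key[:-2]
        items = node.get(name) if isinstance(node, dict) else None
        if isinstance(items, list):
            for i, item in enumerate(items):
                _walk(item, rest, trail + [f"{name}[{i}]"], problems)
    elif isinstance(node, dict) and key in node:
        # Missing keys are left to JSONDecoder, which reports them through a
        # normal keyNotFound error rather than a crash.
        _walk(node[key], rest, trail + [key], problems)


def find_float_in_int_fields(body: bytes, integer_fields=INTEGER_FIELDS) -> list:
    """Return the paths holding floating-point literals; [] means the body is
    safe to forward. Malformed JSON raises ValueError (json.JSONDecodeError)."""
    doc = json.loads(body)
    problems: list = []
    for field in integer_fields:
        _walk(doc, field.split("."), [], problems)
    return problems


def filter_request(body: bytes) -> tuple:
    """WAF-style verdict as (status, reason); 200 means pass to the app."""
    try:
        bad = find_float_in_int_fields(body)
    except ValueError as exc:
        return 400, f"malformed JSON: {exc}"
    if bad:
        return 400, "floating-point value in integer field(s): " + ", ".join(bad)
    return 200, "ok"
```

Logging the rejected paths at the edge also gives the 500-error and type-mismatch indicators from the detection section a precursor signal that fires before the application process is affected.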
🧯 If You Can't Patch
- Implement rate limiting on JSON-processing endpoints to reduce DoS impact
- Deploy redundant services with load balancers to maintain availability during attacks
🔍 How to Verify
Check if Vulnerable:
The application is vulnerable if it decodes untrusted JSON with JSONDecoder into Codable types on Linux or Windows and the Swift toolchain it was built with is older than 5.6.2
Check Version:
swift --version
Verify Fix Applied:
Confirm that swift --version reports 5.6.2 or later, rebuild the application, then submit test JSON with a floating-point value in an integer field and confirm the endpoint returns a decoding error instead of crashing
📡 Detection & Monitoring
Log Indicators:
- Application crashes with abort() calls
- Repeated failed requests to JSON endpoints
- Error logs mentioning type mismatch or JSON decoding failures
Network Indicators:
- HTTP requests with JSON containing floating-point values in fields typically expecting integers
- Sudden spikes in 500 errors from JSON endpoints
SIEM Query:
source="application.logs" AND ("abort" OR "JSONDecoder" OR "type mismatch") AND status=500