## https://sploitus.com/exploit?id=3E9F24C3-A474-502C-BE6C-BE209F252805
# cve-2022-21907-http.sys by 1vere$k
CVE-2022-21907 - Double Free in http.sys driver.
## Summary
An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request header triggering a double free in the unknown coding-list inside the HTTP Protocol Stack (http.sys) to process packets, resulting in a kernel crash.
## Vulnerable systems
Windows Server 2019 and Windows 10 version 1809:
- Not vulnerable by default. Unless you have set the HTTP Trailer Support.
- Windows 10 version 2004 (build 19041.450): **Vulnerable**
## Contact
You are free to contact me via [Keybase](https://keybase.io/1veresk) for any details.