Lucene search

K
cve[email protected]CVE-2022-24942
HistoryNov 15, 2022 - 9:15 p.m.

CVE-2022-24942

2022-11-1521:15:36
CWE-787
CWE-122
web.nvd.nist.gov
54
4
cve-2022-24942
buffer overflow
micrium uc-http
remote code execution
http server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

76.2%

Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.

Affected configurations

NVD
Node
silabsmicrium_uc-httpMatch3.01.01
VendorProductVersionCPE
silabsmicrium_uc-http3.01.01cpe:/a:silabs:micrium_uc-http:3.01.01:::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Gecko Platform",
    "vendor": "silabs.com",
    "versions": [
      {
        "lessThan": "4.1.1.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.005

Percentile

76.2%

Related for CVE-2022-24942