Lucene search

[email protected]CVE-2022-29694

HistoryJun 02, 2022 - 2:15 p.m.

CVE-2022-29694

2022-06-0214:15:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2022-29694

unicorn engine

null pointer dereference

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.5%

JSON

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.

CPENameOperatorVersion
unicorn-engine:unicorn_engineunicorn-engine unicorn engineeq2.0.0

CPE	Name	Operator	Version
unicorn-engine:unicorn_engine	unicorn-engine unicorn engine	eq	2.0.0

References

github.com/unicorn-engine/unicorn/commit/3d3deac5e6d38602b689c4fef5dac004f07a2e63

github.com/unicorn-engine/unicorn/issues/1588

github.com/unicorn-engine/unicorn/pull/1593/commits/31389e59457f304be3809f9679f91a42daa7ebaa

github.com/unicorn-engine/unicorn/pull/1593/commits/6a879a082d4d67a5d13f1233ae0334cde0a7f844

violentbinary.github.io/posts/2-simple-analysis-of-software-virtualization-of-memory-in-unicorn-engine/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for CVE-2022-29694

cvelist1 osv1 cnvd1 prion1