Lucene search

[email protected]CVE-2022-47630

HistoryJan 16, 2023 - 4:15 p.m.

CVE-2022-47630

2023-01-1616:15:10

CWE-125

[email protected]

web.nvd.nist.gov

cve-2022-47630

trusted firmware-a

x.509 parser

out-of-bounds read

security vulnerability

microarchitectural state

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

Affected configurations

NVD

Node

armtrusted_firmware-aRange1.2–2.8

CPENameOperatorVersion
arm:trusted_firmware-aarm trusted firmware-ale2.8

CPE	Name	Operator	Version
arm:trusted_firmware-a	arm trusted firmware-a	le	2.8

References

www.openwall.com/lists/oss-security/2023/01/16/8

trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html

www.trustedfirmware.org/news/

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for CVE-2022-47630

veracode1 ubuntucve1 cvelist1 nvd1 prion1 debiancve1 osv1