History: Mar 27, 2023 - 2:15 p.m.

CVE-2022-47924

2023-03-27 14:15:07
CWE-20
CERTVDE
web.nvd.nist.gov
Tags: cve, 2022, 47924, high privileged attacker, arbitrary code execution, dos, secvisogram

CVSS3: 6.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.6
Confidence: High

EPSS: 0
Percentile: 5.1%

A high-privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0, which can result in arbitrary code execution and DoS once the user triggers the validation.

Affected configurations

Nvd

Node: csaf-validator-lib_project csaf-validator-lib, Range: <0.1.0

Vendor: csaf-validator-lib_project
Product: csaf-validator-lib
Version: *
CPE: cpe:2.3:a:csaf-validator-lib_project:csaf-validator-lib:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "csaf-validator-lib",
    "repo": "https://github.com/secvisogram/csaf-validator-lib",
    "vendor": "Secvisogram",
    "versions": [
      {
        "lessThan": "0.1.0",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  }
]
