Lucene search

[email protected]CVE-2022-48620

HistoryJan 12, 2024 - 4:15 a.m.

CVE-2022-48620

2024-01-1204:15:08

CWE-120

[email protected]

web.nvd.nist.gov

uev

libuev

buffer overflow

epoll_wait

cve-2022-48620

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

Affected configurations

NVD

Node

troglobitlibeuvRange<2.4.1

CPENameOperatorVersion
troglobit:libeuvtroglobit libeuvlt2.4.1

CPE	Name	Operator	Version
troglobit:libeuv	troglobit libeuv	lt	2.4.1

References

github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9

github.com/troglobit/libuev/compare/v2.4.0...v2.4.1

github.com/troglobit/libuev/issues/27

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

Related for CVE-2022-48620

ubuntucve1 openvas4 veracode1 debiancve1 nessus4 osv1 prion1 nvd1 fedora3 cvelist1