Lucene search

GitHub_MCVELIST:CVE-2022-31135

HistoryJul 07, 2022 - 5:50 p.m.

CVE-2022-31135 Maliciously crafted evidence packet may cause denial of service

2022-07-0717:50:11

CWE-129

GitHub_M

www.cve.org

open source

akashi server

denial of service

crafted evidence packet

upgrade

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.8%

JSON

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.

CNA Affected

[
  {
    "product": "akashi",
    "vendor": "AttorneyOnline",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.4"
      }
    ]
  }
]

References

github.com/AttorneyOnline/akashi/commit/5566cdfedddef1f219aee33477d9c9690bf2f78b

github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.8%

JSON

Related for CVELIST:CVE-2022-31135