cvelist GitHub_M CVELIST:CVE-2022-36072
History Sep 06, 2022 - 8:45 p.m.

CVE-2022-36072 SilverwareGames.io used == for hashing instead of ===

2022-09-06 20:45:11
CWE-597
GitHub_M
www.cve.org
cve-2022-36072
silverwaregames.io
php hashing

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 31.8%)

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, because of a non-obvious PHP behavior, hashes generated by built-in functions and starting with the characters 0e were handled by the loose == comparison as numbers in exponent notation, that is, zero multiplied by a power of ten. The hash value was therefore treated as equal to 0. The maintainers fixed this in version 1.1.9 by using === instead of == in comparisons wherever possible (e.g. in the sign in/sign up handlers).
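The comparison behavior described above, as an added example that is not SilverwareGames.io's code: two different digest strings pass the loose check and fail the strict one. The function names and digest values are constructed for illustration, and hash_equals() is shown as a standard-library alternative, not as the project's fix.

```php
<?php
declare(strict_types=1);

// Constructed sample digests (not hashes of any real input). Each is "0e"
// followed only by decimal digits, so PHP classifies it as a numeric string.
$stored   = '0e111111111111111111111111111111';
$supplied = '0e222222222222222222222222222222';

// Pre-fix pattern: with ==, two numeric strings are compared as numbers,
// and 0e<digits> parses as 0 x 10^n, so both sides become 0.
function looseMatch(string $a, string $b): bool
{
    return $a == $b;
}

// Pattern named in the advisory's fix: === compares the strings as strings.
function strictMatch(string $a, string $b): bool
{
    return $a === $b;
}

// Standard-library alternative: string comparison in constant time.
function constantTimeMatch(string $a, string $b): bool
{
    return hash_equals($a, $b);
}

// Hypothetical audit helper: true when a stored digest has the 0e<digits>
// shape that a loose comparison would collapse to zero.
function isJugglingProne(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

foreach (['looseMatch', 'strictMatch', 'constantTimeMatch'] as $check) {
    printf("%-18s %s\n", $check, var_export($check($stored, $supplied), true));
}
printf("%-18s %s\n", 'isJugglingProne', var_export(isJugglingProne($stored), true));
```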

CNA Affected

[
  {
    "product": "silverwaregames-io-issue-tracker",
    "vendor": "mesosoi",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.1.9"
      }
    ]
  }
]
