JVN#79149117: Multiple vulnerabilities in JustSystems products

2023-04-0400:00:00

Japan Vulnerability Notes

jvn.jp

buffer overflow

dos

update

justsystems

vulnerabilities

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

65.2%

JSON

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.

Use After Free (CWE-416) - CVE-2022-43664

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	Base Score: 7.8
CVSS v2	AV:N/AC:M/Au:N/C:P/I:P/A:P	Base Score: 6.8

Heap-based Buffer Overflow (CWE-122) - CVE-2022-45115

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	Base Score: 7.8
CVSS v2	AV:N/AC:M/Au:N/C:P/I:P/A:P	Base Score: 6.8

Free of Memory not on the Heap (CWE-590) - CVE-2023-22291

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	Base Score: 7.0
CVSS v2	AV:N/AC:H/Au:N/C:P/I:P/A:P	Base Score: 5.1

Heap-based Buffer Overflow (CWE-122) - CVE-2023-22660

Version	Vector	Score
CVSS v3	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	Base Score: 7.0
CVSS v2	AV:N/AC:H/Au:N/C:P/I:P/A:P	Base Score: 5.1

Impact

Processing a specialy crafted file may cause a buffer overflow and/or denial-of-service (DoS) condition.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer
For more information, refer to the information provided by the developer.

Products Affected

Ichitaro series
Hanako series
Rakuraku Hagaki series
Label Mighty series
JUST Office series
JUST Government series
JUST Police series
Homepage Builder 21
A wide range of products is affected. For the details, refer to the information provided by the developer.