CVE-2022-29503

2022-09-2917:15:28

CWE-119

CWE-770

[email protected]

web.nvd.nist.gov

cve-2022-29503

memory corruption

uclibc

linuxthreads

thread allocation

vulnerability

memory corruption

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.8%

JSON

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

Affected configurations

Nvd

Node

uclibcuclibcMatch0.9.33.2

Node

uclibc-ng_projectuclibc-ngMatch1.0.40

Node

ankereufy_homebase_2_firmwareMatch2.1.8.8h

AND

ankereufy_homebase_2Match-

VendorProductVersionCPE
uclibcuclibc0.9.33.2cpe:2.3:a:uclibc:uclibc:0.9.33.2:*:*:*:*:*:*:*
uclibc-ng_projectuclibc-ng1.0.40cpe:2.3:a:uclibc-ng_project:uclibc-ng:1.0.40:*:*:*:*:*:*:*
ankereufy_homebase_2_firmware2.1.8.8hcpe:2.3:o:anker:eufy_homebase_2_firmware:2.1.8.8h:*:*:*:*:*:*:*
ankereufy_homebase_2-cpe:2.3:h:anker:eufy_homebase_2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uclibc	uclibc	0.9.33.2	cpe:2.3:a:uclibc:uclibc:0.9.33.2:::::::*
uclibc-ng_project	uclibc-ng	1.0.40	cpe:2.3:a:uclibc-ng_project:uclibc-ng:1.0.40:::::::*
anker	eufy_homebase_2_firmware	2.1.8.8h	cpe:2.3:o:anker:eufy_homebase_2_firmware:2.1.8.8h:::::::*
anker	eufy_homebase_2	-	cpe:2.3:h:anker:eufy_homebase_2:-:::::::*