Lucene search

[email protected]NVD:CVE-2022-36072

HistorySep 06, 2022 - 9:15 p.m.

CVE-2022-36072

2022-09-0621:15:08

CWE-597

[email protected]

web.nvd.nist.gov

silverwaregames.io

online gaming

version 1.1.8

php hash vulnerability

version 1.1.9 fix

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using === instead of == in comparisons where it is possible (e.g. on sign in/sign up handlers).

Affected configurations

NVD

Node

silverwaregamessilverwaregamesRange<1.1.9

References

github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-w4wq-7j4q-j2fh

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

31.8%

JSON

Related for NVD:CVE-2022-36072

prion1 cve1 cvelist1