Lucene search

[email protected]NVD:CVE-2022-36938

HistoryNov 11, 2022 - 12:15 a.m.

CVE-2022-36938

2022-11-1100:15:10

CWE-125

CWE-1284

[email protected]

web.nvd.nist.gov

redex

dexloader

vulnerability

out of bound

remote code execution

android

apk

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.6%

JSON

DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.

Affected configurations

NVD

Node

facebookredexRange<2022-11-04

References

github.com/facebook/redex/commit/3b44c640346b77bfb7ef36e2413688dd460288d2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for NVD:CVE-2022-36938

prion1 cve1 cvelist1 osv1