nvd [email protected] NVD:CVE-2022-39843
History: Sep 05, 2022 - 7:15 a.m.

CVE-2022-39843

2022-09-05 07:15:08
CWE-787
web.nvd.nist.gov
123elf lotus 1-2-3
stack-based buffer overflow
cell format processing
worksheet
arbitrary code
crafted worksheet
w3r_format
process_fmt()

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 30.2%

123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for UNIX and other platforms through 9.8.2, allow attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document.

Affected configurations

NVD
Node
lotus_1-2-3_project lotus_1-2-3 Match 1.0.0rc1
OR
lotus_1-2-3_project lotus_1-2-3 Match 1.0.0rc2
AND
linux linux_kernel Match -
