Lucene search

[email protected]NVD:CVE-2023-52267

HistoryDec 31, 2023 - 12:15 a.m.

CVE-2023-52267

2023-12-3100:15:44

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-52267

error logging

long strings

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings.

Affected configurations

Nvd

Node

hongliuliaoehttpMatch1.0.6

VendorProductVersionCPE
hongliuliaoehttp1.0.6cpe:2.3:a:hongliuliao:ehttp:1.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hongliuliao	ehttp	1.0.6	cpe:2.3:a:hongliuliao:ehttp:1.0.6:::::::*

References

github.com/hongliuliao/ehttp/commit/17405b975948abc216f6a085d2d027ec1cfd5766

github.com/hongliuliao/ehttp/issues/38

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-52267

prion1 osv1 cvelist1 cve1