Lucene search

GoogleOSV:CVE-2022-48554

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2022-48554

2023-08-2219:16:31

Google

osv.dev

open source

stack-based buffer

file

funcs.c

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.9%

JSON

File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: “File” is the name of an Open Source project.

CPENameOperatorVersion
fileeqFILE3_40
fileeqFILE4_16
fileeqFILE4_15
fileeqFILE3_34
fileeqFILE5_03
fileeqFILE3_33
fileeqFILE3_30
fileeqFILE5_26
fileeqFILE4_12
fileeqFILE5_21

Name	Operator	Version
file	eq	FILE3_40
file	eq	FILE4_16
file	eq	FILE4_15
file	eq	FILE3_34
file	eq	FILE5_03
file	eq	FILE3_33
file	eq	FILE3_30
file	eq	FILE5_26
file	eq	FILE4_12
file	eq	FILE5_21

Rows per page:

1-10 of 821

References

seclists.org/fulldisclosure/2024/Mar/21

seclists.org/fulldisclosure/2024/Mar/24

seclists.org/fulldisclosure/2024/Mar/25

bugs.astron.com/view.php?id=310

security.netapp.com/advisory/ntap-20231116-0002/

support.apple.com/kb/HT214081

support.apple.com/kb/HT214084

support.apple.com/kb/HT214086

support.apple.com/kb/HT214088

www.debian.org/security/2023/dsa-5489

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.9%

JSON

Related for OSV:CVE-2022-48554