Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:2 a.m.10 views

CVE-2022-29240

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS6.7AI score0.00982EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/15 9:20 p.m.24 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.3AI score0.00982EPSS
Exploits0References3
CVE
CVE
added 2022/09/15 9:20 p.m.60 views

CVE-2022-29240

The CVE-2022-29240 issue is an uninitialized memory read during LZ4 decompression of a CQL frame in Scylla. If a user supplies a forged uncompressed length, part of the decompression buffer can remain uninitialized, enabling exploitation based on privileges. Reported impacts include an authentica...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/15 9:20 p.m.7 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References3
OSV
OSV
added 2022/09/15 9:20 p.m.20 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References5
Rows per page
Query Builder