Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/02/06 12:2 a.m.10 views

CVE-2022-29240

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS6.7AI score0.00982EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/09/15 9:20 p.m.7 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References3
cvelist
cvelist
added 2022/09/15 9:20 p.m.26 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.3AI score0.00982EPSS
Exploits0References3
cve
cve
added 2022/09/15 9:20 p.m.61 views

CVE-2022-29240

The CVE-2022-29240 issue is an uninitialized memory read during LZ4 decompression of a CQL frame in Scylla. If a user supplies a forged uncompressed length, part of the decompression buffer can remain uninitialized, enabling exploitation based on privileges. Reported impacts include an authentica...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/09/15 9:20 p.m.20 views

CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...

8.1CVSS8.1AI score0.00982EPSS
Exploits0References5
Rows per page
Query Builder