History: Jan 18, 2022 - 12:00 a.m.

CVE-2022-21688

2022-01-18 00:00:00
ubuntu.com

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 25.1%

OnionShare is an open source tool that lets you securely and anonymously
share files, host websites, and chat with friends using the Tor network.
Affected versions of the desktop application were found to be vulnerable to
denial of service via an undisclosed vulnerability in Qt image parsing.
Roughly 20 bytes lead to 2 GB of memory consumption, and this can be triggered
multiple times. To be abused, this vulnerability requires rendering in the
history tab, so some user interaction is required. An adversary with
knowledge of the Onion service address in public mode or with
authentication in private mode can perform a Denial of Service attack,
which quickly results in out-of-memory for the server. This requires the
desktop application with rendered history, therefore the impact is only
elevated. This issue has been patched in version 2.5.
