Lucene search

Veracode Vulnerability DatabaseVERACODE:38482

HistoryDec 15, 2022 - 1:44 a.m.

Out-Of-Bounds Read

2022-12-1501:44:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

capnproto is vulnerable to out-of-bounds reads. The out-of-bounds read vulnerability may lead to exfiltration of memory resulting in crashes or perhaps disclosure of sensitive information.

CPENameOperatorVersion
capnproto:sideq0.7.0-7
conmon-rseq0.4.0__2.rhaos4.12.git.el8
capnproto:sideq0.7.0-7
conmon-rseq0.4.0__2.rhaos4.12.git.el8

Name	Operator	Version
capnproto:sid	eq	0.7.0-7
conmon-rs	eq	0.4.0__2.rhaos4.12.git.el8
capnproto:sid	eq	0.7.0-7
conmon-rs	eq	0.4.0__2.rhaos4.12.git.el8

References

github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9

github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/

lists.fedoraproject.org/archives/list/[email protected]/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/

lists.fedoraproject.org/archives/list/[email protected]/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/

lists.fedoraproject.org/archives/list/[email protected]/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/

lists.fedoraproject.org/archives/list/[email protected]/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/

security-tracker.debian.org/tracker/CVE-2022-46149

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for VERACODE:38482