Lucene search

[email protected]CVE-2022-46871

HistoryDec 22, 2022 - 8:15 p.m.

CVE-2022-46871

2022-12-2220:15:45

[email protected]

web.nvd.nist.gov

100

firefox

cve-2022-46871

libusrsctp

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.

Affected configurations

Vulners

NVD

Node

mozillafirefoxRange≤108

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::

CNA Affected

[
  {
    "vendor": "Mozilla",
    "product": "Firefox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "108",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.mozilla.org/show_bug.cgi?id=1795697

lists.debian.org/debian-lts-announce/2023/01/msg00015.html

lists.debian.org/debian-lts-announce/2023/02/msg00018.html

security.gentoo.org/glsa/202305-06

security.gentoo.org/glsa/202305-13

www.debian.org/security/2023/dsa-5322

www.debian.org/security/2023/dsa-5355

www.mozilla.org/security/advisories/mfsa2022-51/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.2%

JSON

CVE-2022-46871

Affected configurations

CNA Affected

References

Related