Products
bwoodsend rockhopper
- up to 0.1.2
Source
cna@vuldb.com
Tags
CVE-2022-4969 details
Last Modified : May 27, 2024, 5:15 p.m.
Description
A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.3
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/bwoodsend/rockhopper/commit/1a15fad5e06ae693eb9b8908363d2c8ef455104e | cna@vuldb.com |
| https://github.com/bwoodsend/rockhopper/releases/tag/v0.2.0 | cna@vuldb.com |
| https://vuldb.com/?ctiid.266312 | cna@vuldb.com |
| https://vuldb.com/?id.266312 | cna@vuldb.com |