Vulnerability Details : CVE-2022-0497
A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.
Exploit prediction scoring system (EPSS) score for CVE-2022-0497
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-0497
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
1.8
|
5.2
|
nvd@nist.gov |
CWE ids for CVE-2022-0497
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2022-0497
-
https://github.com/openscad/openscad/issues/4043
Out-of-bounds memory access in comment parser (file without trailing newline) · Issue #4043 · openscad/openscad · GitHubExploit;Issue Tracking;Patch;Third Party Advisory
-
https://github.com/openscad/openscad/pull/4044
Add file bounds check to comment parser, issue #4043 by eldstal · Pull Request #4044 · openscad/openscad · GitHubPatch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2050699
2050699 – (CVE-2022-0497) CVE-2022-0497 openscad: Out-of-bounds memory access in comment parserIssue Tracking;Third Party Advisory
Products affected by CVE-2022-0497
- cpe:2.3:a:openscad:openscad:*:*:*:*:*:*:*:*