A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
Published 2022-07-19 20:15:11
Updated 2022-11-21 19:01:10
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Memory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2022-2476

0.08%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-2476

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.5
MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1.8
3.6
NIST

CWE ids for CVE-2022-2476

  • The product dereferences a pointer that it expects to be valid but is NULL.
    Assigned by:
    • nvd@nist.gov (Secondary)
    • secalert@redhat.com (Primary)

References for CVE-2022-2476

Products affected by CVE-2022-2476

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!