CVE-2022-3807 : A vulnerability was found in Axiomatic Bento4. It has been rated as problematic.

A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660.

Published 2022-11-01 20:15:22

Updated 2023-07-21 20:20:44

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2022-3807

Axiosys » Bento4 » Version: N/A
cpe:2.3:a:axiosys:bento4:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-3807

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3807

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L	2.8	1.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-3807

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Assigned by: nvd@nist.gov (Primary)
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: cna@vuldb.com (Secondary)
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Secondary)

References for CVE-2022-3807

https://github.com/axiomatic-systems/Bento4/issues/803

Incomplete fix of CVE-2019-13238, Exhaustive memory misunhandle · Issue #803 · axiomatic-systems/Bento4 · GitHub
Issue Tracking;Third Party Advisory
https://github.com/axiomatic-systems/Bento4/files/9820612/mp42aac_exhaustive_AP4_RtpAtom50.zip

Exploit;Third Party Advisory
https://vuldb.com/?id.212660

CVE-2022-3807 | Axiomatic Bento4 Incomplete Fix CVE-2019-13238 resource consumption (ID 803)
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-3807

Products affected by CVE-2022-3807

Exploit prediction scoring system (EPSS) score for CVE-2022-3807

CVSS scores for CVE-2022-3807

CWE ids for CVE-2022-3807

References for CVE-2022-3807