CVE-2022-4066 : A vulnerability was found in davidmoreno onion. It has been rated as problematic

A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is de8ea938342b36c28024fd8393ebc27b8442a161. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-214028.

Published 2022-11-19 19:15:11

Updated 2022-11-28 13:41:31

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2022-4066

Mozilla » Firefox » Version: N/A
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
Matching versions
Onion Project » Onion
Versions before (<) 2022-09-05
cpe:2.3:a:onion_project:onion:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-4066

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-4066

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	2.1	1.4	VulDB
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H	3.9	4.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2022-4066

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: cna@vuldb.com (Primary)
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Primary)
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2022-4066

https://github.com/davidmoreno/onion/pull/308

Fix a potential log spamming and DOS attack by kulkom · Pull Request #308 · davidmoreno/onion · GitHub
Exploit;Patch;Third Party Advisory
https://github.com/davidmoreno/onion/commit/de8ea938342b36c28024fd8393ebc27b8442a161

Merge pull request #308 from kulkom/master · davidmoreno/onion@de8ea93 · GitHub
Patch;Third Party Advisory
https://vuldb.com/?id.214028

CVE-2022-4066 | davidmoreno onion Log response.c onion_response_flush allocation of resources (ID 308)
Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-4066

Products affected by CVE-2022-4066

Exploit prediction scoring system (EPSS) score for CVE-2022-4066

CVSS scores for CVE-2022-4066

CWE ids for CVE-2022-4066

References for CVE-2022-4066