CVE-2022-4969 : A vulnerability, which was classified as critical, has been found in bwoodsend r

A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312.

Published 2024-05-27 16:31:05

Updated 2024-06-06 16:15:10

Source VulDB

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2022-4969

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2022-4969

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-4969

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3		AV:L/AC:L/Au:S/C:P/I:P/A:P	N/A	N/A	VulDB	2024-05-27
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
4.3	MEDIUM	AV:L/AC:L/Au:S/C:P/I:P/A:P	3.1	6.4	VulDB	2024-05-27
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.3	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	N/A	N/A	VulDB	2024-05-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	N/A	N/A	VulDB	2024-05-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	1.8	3.4	VulDB	2024-05-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/V...	N/A	N/A	VulDB	2024-05-27
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: Low User Interaction: None Confidentiality (VC): Low Integrity (VI): Low Availability (VA): Low

CWE ids for CVE-2022-4969

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Assigned by:
- 1af790b2-7ee1-4545-860a-a788eba489b5 (Primary)
- cna@vuldb.com (Secondary)

References for CVE-2022-4969

https://vuldb.com/?ctiid.266312

CVE-2022-4969: bwoodsend rockhopper Binary Parser ragged_array.c count_rows buffer overflow
https://github.com/bwoodsend/rockhopper/commit/1a15fad5e06ae693eb9b8908363d2c8ef455104e

Fix a potential security exploit in RaggedArray.loads(buffer, ldtype=… · bwoodsend/rockhopper@1a15fad · GitHub
https://vuldb.com/?id.266312
https://github.com/bwoodsend/rockhopper/releases/tag/v0.2.0

Release v0.2.0 · bwoodsend/rockhopper · GitHub

Jump to

Vulnerability Details : CVE-2022-4969

Products affected by CVE-2022-4969

Exploit prediction scoring system (EPSS) score for CVE-2022-4969

CVSS scores for CVE-2022-4969

CWE ids for CVE-2022-4969

References for CVE-2022-4969