# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-31799 |
755 |
|
|
2022-06-02 |
2022-06-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Bottle before 0.12.20 mishandles errors during early request binding. |
2 |
CVE-2022-30688 |
269 |
|
|
2022-05-17 |
2022-05-25 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files. |
3 |
CVE-2022-29221 |
94 |
|
|
2022-05-24 |
2022-06-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. |
4 |
CVE-2022-28739 |
125 |
|
|
2022-05-09 |
2022-06-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. |
5 |
CVE-2022-28463 |
120 |
|
Overflow |
2022-05-08 |
2022-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. |
6 |
CVE-2022-28346 |
89 |
|
Sql |
2022-04-12 |
2022-06-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. |
7 |
CVE-2022-27239 |
787 |
|
Overflow +Priv |
2022-04-27 |
2022-06-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. |
8 |
CVE-2022-27114 |
190 |
|
Overflow |
2022-05-09 |
2022-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. |
9 |
CVE-2022-26847 |
200 |
|
+Info |
2022-03-10 |
2022-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. |
10 |
CVE-2022-26846 |
|
|
Exec Code |
2022-03-10 |
2022-03-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. |
11 |
CVE-2022-26691 |
269 |
|
+Priv |
2022-05-26 |
2022-06-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
12 |
CVE-2022-26662 |
776 |
|
|
2022-03-10 |
2022-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. |
13 |
CVE-2022-26661 |
611 |
|
|
2022-03-10 |
2022-03-18 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. |
14 |
CVE-2022-26505 |
290 |
|
|
2022-03-06 |
2022-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. |
15 |
CVE-2022-26495 |
190 |
|
Overflow |
2022-03-06 |
2022-04-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. |
16 |
CVE-2022-26491 |
295 |
|
|
2022-06-02 |
2022-06-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. |
17 |
CVE-2022-26361 |
|
|
Mem. Corr. |
2022-04-05 |
2022-06-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. |
18 |
CVE-2022-26360 |
|
|
Mem. Corr. |
2022-04-05 |
2022-06-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. |
19 |
CVE-2022-26354 |
772 |
|
|
2022-03-16 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. |
20 |
CVE-2022-26291 |
416 |
|
DoS |
2022-03-28 |
2022-05-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. |
21 |
CVE-2022-25375 |
668 |
|
+Info |
2022-02-20 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. |
22 |
CVE-2022-25258 |
476 |
|
Mem. Corr. |
2022-02-16 |
2022-05-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. |
23 |
CVE-2022-24959 |
401 |
|
|
2022-02-11 |
2022-05-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. |
24 |
CVE-2022-24921 |
400 |
|
|
2022-03-05 |
2022-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. |
25 |
CVE-2022-24919 |
79 |
|
Exec Code XSS CSRF |
2022-03-09 |
2022-04-18 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
26 |
CVE-2022-24917 |
79 |
|
Exec Code XSS CSRF |
2022-03-09 |
2022-04-18 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
27 |
CVE-2022-24884 |
347 |
|
|
2022-05-06 |
2022-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. |
28 |
CVE-2022-24859 |
835 |
|
|
2022-04-18 |
2022-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream. |
29 |
CVE-2022-24801 |
444 |
|
|
2022-04-04 |
2022-06-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. |
30 |
CVE-2022-24754 |
120 |
|
Overflow |
2022-03-11 |
2022-06-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials (credentials with data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in the master branch of the PJSIP repository and will be included with the next release. Users unable to upgrade need to check that the hashed digest data length must be equal to `PJSIP_MD5STRLEN` before passing to PJSIP. |
31 |
CVE-2022-24713 |
400 |
|
DoS Bypass |
2022-03-08 |
2022-06-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. |
32 |
CVE-2022-24448 |
909 |
|
|
2022-02-04 |
2022-05-12 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. |
33 |
CVE-2022-24407 |
89 |
|
Sql |
2022-02-24 |
2022-04-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
34 |
CVE-2022-24349 |
79 |
|
XSS |
2022-03-09 |
2022-04-18 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. |
35 |
CVE-2022-24302 |
362 |
|
|
2022-03-17 |
2022-05-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. |
36 |
CVE-2022-24130 |
120 |
|
Overflow |
2022-01-31 |
2022-02-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. |
37 |
CVE-2022-23959 |
444 |
|
|
2022-01-26 |
2022-03-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. |
38 |
CVE-2022-23943 |
787 |
|
|
2022-03-14 |
2022-06-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. |
39 |
CVE-2022-23852 |
190 |
|
Overflow |
2022-01-24 |
2022-06-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
40 |
CVE-2022-23837 |
770 |
|
|
2022-01-21 |
2022-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. |
41 |
CVE-2022-23806 |
252 |
|
|
2022-02-11 |
2022-05-10 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. |
42 |
CVE-2022-23772 |
190 |
|
Overflow |
2022-02-11 |
2022-05-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. |
43 |
CVE-2022-23608 |
416 |
|
|
2022-02-22 |
2022-04-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. |
44 |
CVE-2022-23607 |
200 |
|
+Info |
2022-02-01 |
2022-05-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade Instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it. |
45 |
CVE-2022-23308 |
416 |
|
|
2022-02-26 |
2022-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. |
46 |
CVE-2022-23221 |
94 |
|
Exec Code |
2022-01-19 |
2022-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. |
47 |
CVE-2022-23134 |
863 |
|
|
2022-01-13 |
2022-02-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. |
48 |
CVE-2022-23098 |
835 |
|
|
2022-01-28 |
2022-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. |
49 |
CVE-2022-23097 |
125 |
|
|
2022-01-28 |
2022-03-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. |
50 |
CVE-2022-23096 |
125 |
|
|
2022-01-28 |
2022-03-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. |