Lucene search

MitreCVE-2022-31264

HistoryMay 21, 2022 - 9:15 p.m.

CVE-2022-31264

2022-05-2121:15:51

CWE-190

mitre

web.nvd.nist.gov

cve-2022-31264

solana

solana_rbpf

integer overflow

elf program headers

elf.rs

panic

ebpf program

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.1%

JSON

Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.

Affected configurations

Nvd

Node

solanalabsrbpfRange<0.2.29

VendorProductVersionCPE
solanalabsrbpf*cpe:2.3:a:solanalabs:rbpf:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solanalabs	rbpf	*	cpe:2.3:a:solanalabs:rbpf::::::::

References

github.com/Ainevsia/CVE-Request/tree/main/Solana/1

github.com/solana-labs/rbpf/releases/tag/v0.2.29

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

31.1%

JSON

Related for CVE-2022-31264