Lucene search

VulDBCVE-2022-3813

HistoryNov 01, 2022 - 10:15 p.m.

CVE-2022-3813

2022-11-0122:15:12

CWE-404

VulDB

web.nvd.nist.gov

axiomatic bento4

cve-2022-3813

mp4edit

vulnerability

remote attack

memory leak

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679.

Affected configurations

Nvd

Node

axiosysbento4Match1.6.0-639

VendorProductVersionCPE
axiosysbento41.6.0-639cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
axiosys	bento4	1.6.0-639	cpe:2.3:a:axiosys:bento4:1.6.0-639:::::::*

CNA Affected

[
  {
    "vendor": "Axiomatic",
    "product": "Bento4",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

github.com/axiomatic-systems/Bento4/files/9726974/POC_mp4edit_728838793.zip

github.com/axiomatic-systems/Bento4/issues/792

vuldb.com/?id.212679

Social References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

Related for CVE-2022-3813