Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-24350
HistoryApr 12, 2023 - 12:00 a.m.

CVE-2022-24350

2023-04-1200:00:00
mitre
www.cve.org
5
cve-2022-24350
insydeh2o
kernel 5.0
kernel 5.5
vulnerability
data destruction
buffer overflow

AI Score

5.9

Confidence

High

EPSS

0

Percentile

9.0%

JSON

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error.

Related

nessus 1
prion 1
cve 1
nvd 1
ics 1
nessus
nessus
Siemens InsydeH2O Classic Buffer Overflow (CVE-2022-24350)
2023-09-26 00:00:00
prion
prion
Command injection
2023-04-12 13:15:00
cve
cve
CVE-2022-24350
2023-04-12 13:15:07
nvd
nvd
CVE-2022-24350
2023-04-12 13:15:07
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00

AI Score

5.9

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for CVELIST:CVE-2022-24350
nessus1prion1cve1nvd1ics1