Lucene search

K

[email protected]NVD:CVE-2022-25309

HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-25309

2022-09-0618:15:11

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

1

cve-2022-25309

fribidi

buffer overflow

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.7%

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the ‘–caprtl’ option, leading to a crash and causing a denial of service.

Affected configurations

NVD

Node

gnufribidiRange<1.0.12

Node

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

access.redhat.com/security/cve/CVE-2022-25309

bugzilla.redhat.com/show_bug.cgi?id=2047896

github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3

github.com/fribidi/fribidi/issues/182

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.7%

Related for NVD:CVE-2022-25309