Lucene search

K

[email protected]NVD:CVE-2022-25310

HistorySep 06, 2022 - 6:15 p.m.

CVE-2022-25310

2022-09-0618:15:11

CWE-476

CWE-119

[email protected]

web.nvd.nist.gov

cve-2022-25310

segmentation fault

fribidi

fribidi package

fribidi_remove_bidi_marks

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.4%

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Affected configurations

NVD

Node

gnufribidiRange<1.0.12

Node

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linuxMatch9.0

References

access.redhat.com/security/cve/CVE-2022-25310

bugzilla.redhat.com/show_bug.cgi?id=2047923

github.com/fribidi/fribidi/issues/183

github.com/fribidi/fribidi/pull/186

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.4%

Related for NVD:CVE-2022-25310