GoogleOSV:CVE-2022-35017

HistoryAug 29, 2022 - 2:15 p.m.

CVE-2022-35017

2022-08-2914:15:11

Google

osv.dev

advancecomp v2.3

heap buffer overflow

cve-2022-35017

software

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

References

drive.google.com/file/d/13WAtJtCUBH4LW5MBulyuhLFq2HQq4e_Q/view?usp=sharing

github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

47.4%

JSON

Related for OSV:CVE-2022-35017