Lucene search

GoogleOSV:CVE-2022-44789

HistoryNov 23, 2022 - 9:15 p.m.

CVE-2022-44789

2022-11-2321:15:11

Google

osv.dev

logical issue

artifex mujs

remote code execution

memory corruption

crafted javascript file

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

References

github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt

github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f

github.com/ccxvii/mujs/releases/tag/1.3.2

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO/

www.debian.org/security/2022/dsa-5291

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.015

Percentile

87.2%

JSON

Related for OSV:CVE-2022-44789