CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 77.8%
OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.
Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The JPCERT/CC advisory lists versions 3.3.68 and prior as vulnerable, and the most recent patch for this issue is tagged with version 3.3.69.
github.com/kujirahand/nadesiko3
github.com/kujirahand/nadesiko3/commit/124871c064cfc65cdcd83205637e84fc246c76df
github.com/kujirahand/nadesiko3/commit/56ccfb2f9cceaec83e6a9d3024c3ba8c54ebe1a4
github.com/kujirahand/nadesiko3/commit/61a70792752a75b7f71df214e98a236721ea3fa6
github.com/kujirahand/nadesiko3/issues/1325
github.com/kujirahand/nadesiko3/issues/1347
github.com/kujirahand/nadesiko3/releases/tag/3.3.62
github.com/kujirahand/nadesiko3/releases/tag/3.3.69
jvn.jp/en/jp/JVN56968681/index.html
nvd.nist.gov/vuln/detail/CVE-2022-41642