PT-2023-15529 · Unknown · Csaf-Validator-Lib+1

Damian Pfammatter

Publicado

2023-03-27

Atualizado

2023-04-03

CVE-2022-47924

CVSS v3.1

6.5

Média

Vetor

AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Secvisogram versions prior to 0.1.0

Description An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib which can result in arbitrary code execution and Denial of Service (DoS) once the user triggers the validation.

Recommendations For versions prior to 0.1.0, consider updating to a version that is 0.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the validate function of csaf-validator-lib to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2022-47924

Produtos afetados

Secvisogram

Csaf-Validator-Lib

PT-2023-15529 · Unknown · Csaf-Validator-Lib+1

CVE-2022-47924

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4