PT-2022-17666 · Libsimba · Libsimba
Published
2022-04-11
·
Updated
2022-04-18
·
CVE-2022-26096
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libsimba library versions prior to SMR Apr-2022 Release 1
Description
The issue is related to a null pointer dereference vulnerability in the
parser ispe function. This vulnerability allows a remote attacker to perform an out of bounds write.Recommendations
For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the
parser ispe function in the libsimba library to minimize the risk of exploitation.Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libsimba