PT-2022-20470 · Trilogy · Trilogy

Sergei Volokitin

Published

2022-06-06

Updated

2022-06-15

CVE-2022-31026

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Trilogy versions prior to 2.1.1

Description When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. This issue can be avoided by only connecting to trusted servers.

Recommendations For versions prior to 2.1.1, upgrade to version 2.1.1 to resolve the issue. As a temporary workaround, consider only connecting to trusted servers to minimize the risk of exploitation.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

CVE-2022-31026

GHSA-5G4R-2QHX-VQFM

Affected Products

Trilogy

PT-2022-20470 · Trilogy · Trilogy

CVE-2022-31026

Weakness Enumeration

Related Identifiers

Affected Products

References · 9