CVE-2022-43294

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tasmota versions before commit 066878da4d4762a9b6cb169fdf353e804d735cfd

Description A stack overflow issue was discovered via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp.

Recommendations For versions before commit 066878da4d4762a9b6cb169fdf353e804d735cfd, consider updating to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CRtspSession.cpp function until a patch is available. Avoid using the ClientPortPtr parameter in the affected rtsp session until the issue is resolved.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-43294

Affected Products

Tasmota

CVE-2022-43294

Weakness Enumeration

Related Identifiers

Affected Products

References · 6