PT-2022-6880 · File

Amir Bazine · Published 2022-01-21 · Updated 2024-07-18 · CVE-2022-48554

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

File versions prior to 5.43

Description

The issue is a stack-based buffer over-read in the `file_copystr` function in funcs.c, which can lead to a denial of service when a specially crafted file is processed. An attacker can exploit this to cause service disruption.

Recommendations

For versions prior to 5.43, update to version 5.43 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `file_copystr` function in funcs.c until a patch is available.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2024:2512
AZL-28055
BDU:2023-05320
CVE-2022-48554
DSA-5489-1
INFSA-2024_2512
MGASA-2023-0268
OESA-2023-1574
RHSA-2024:2512
RHSA-2024_2512
RLSA-2024:2512
USN-6359-1

Affected Products

AlmaLinux
File
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Ubuntu