PT-2023-15713 · Google · Widevine Trusted Application

Published: 2023-06-26 · Updated: 2023-07-03 · CVE-2022-48334

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application (TA) versions 5.0.0 through 5.1.1

Description: An integer overflow in the total_len+file_name_len calculation in the drm_verify_keys function results in a buffer overflow.

Recommendations: For versions 5.0.0 through 5.1.1, consider restricting access to the drm_verify_keys function until a patch is available. As a temporary workaround, avoid using the total_len and file_name_len variables in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
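The length arithmetic named in the description, shown as an added example that is not Widevine's code: an unchecked sum of two caller-supplied lengths wraps and passes a size check, while a subtraction-based check rejects it. Only total_len and file_name_len come from the advisory; the function names, the 32-bit length types and the buffer layout are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: total_len bytes of key data followed by file_name_len
 * bytes of file name, both lengths supplied by the caller. */

/* Unchecked form: the 32-bit sum wraps, so two large lengths can
 * yield a small value that passes the comparison. */
bool fits_unchecked(uint32_t total_len, uint32_t file_name_len, uint32_t buf_size)
{
    return (uint32_t)(total_len + file_name_len) <= buf_size;
}

/* Checked form: never add; compare each length to the space left. */
bool fits_checked(uint32_t total_len, uint32_t file_name_len, uint32_t buf_size)
{
    if (total_len > buf_size)
        return false;
    return file_name_len <= buf_size - total_len;
}

/* Copies both parts only after the checked validation.
 * Returns the number of bytes written, or -1 on rejection. */
int64_t copy_record(uint8_t *dst, uint32_t dst_size,
                    const uint8_t *keys, uint32_t total_len,
                    const uint8_t *name, uint32_t file_name_len)
{
    if (dst == NULL || keys == NULL || name == NULL)
        return -1;
    if (!fits_checked(total_len, file_name_len, dst_size))
        return -1;
    memcpy(dst, keys, total_len);
    memcpy(dst + total_len, name, file_name_len);
    return (int64_t)total_len + (int64_t)file_name_len;
}

int main(void)
{
    /* Constructed lengths: 0xFFFFFFF0 + 0x20 wraps to 0x10. */
    uint32_t total_len = 0xFFFFFFF0u, file_name_len = 0x20u;
    printf("unchecked accepts: %d\n", fits_unchecked(total_len, file_name_len, 64));
    printf("checked accepts:   %d\n", fits_checked(total_len, file_name_len, 64));
    return 0;
}
```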

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers: CVE-2022-48334

Affected Products: Widevine Trusted Application