PT-2024-11907 · Bwoodsend · Rockhopper

Bwoodsend · Published 2024-05-27 · Updated 2024-06-06 · CVE-2022-4969

CVSS v3.1

5.3 Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

bwoodsend rockhopper versions up to 0.1.2

Description

A critical issue has been found in the Binary Parser component, specifically in the count_rows function of the rockhopper/src/ragged_array.c file. The manipulation of the raw argument leads to a buffer overflow. Local access is required to exploit this issue. Upgrading to version 0.2.0 addresses this issue.

Recommendations

For bwoodsend rockhopper versions up to 0.1.2, upgrade to version 0.2.0 to address the issue. As a temporary workaround, consider restricting access to the count_rows function in the Binary Parser component until the upgrade is applied.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-4969
GHSA-4R4C-66GF-G9G5

Affected Products

Rockhopper