CVE-2021-33318

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

Ссылки

https://github.com/jchristn/IpMatcher
Third Party Advisory
https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
Patch
Third Party Advisory
https://github.com/jchristn/WatsonWebserver
Third Party Advisory
https://github.com/kaoudis/advisories/blob/main/0-2021.md
Exploit
Third Party Advisory
https://github.com/jchristn/IpMatcher
Third Party Advisory
https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
Patch
Third Party Advisory
https://github.com/jchristn/WatsonWebserver
Third Party Advisory
https://github.com/kaoudis/advisories/blob/main/0-2021.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ipmatcher_project:ipmatcher:*:*:*:*:*:*:*:*

Версия до 1.0.4.1 (включая)

cpe:2.3:a:watsonwebserver_project:watsonwebserver:*:*:*:*:*:*:*:*

Версия до 4.1.3 (включая)

EPSS

Процентиль: 73%

0.00743

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-704

Связанные уязвимости

GHSA-qj93-37f5-mr29