CVE-2022-0699

Опубликовано: 17 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

Ссылки

https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
Patch
Third Party Advisory
https://github.com/OSGeo/shapelib/issues/39
Exploit
Issue Tracking
Third Party Advisory
https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
Patch
Third Party Advisory
https://github.com/OSGeo/shapelib/issues/39
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osgeo:shapelib:*:*:*:*:*:*:*:*

Версия до 1.5.0 (включая)

EPSS

Процентиль: 60%

0.00394

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-416

CWE-415

Связанные уязвимости

CVE-2022-0699

CVSS3: 9.8

ubuntu

около 3 лет назад

CVE-2022-0699

CVSS3: 9.8

msrc

около 2 лет назад

Описание отсутствует

CVE-2022-0699

CVSS3: 9.8

debian

около 3 лет назад

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...

openSUSE-SU-2022:0068-1

suse-cvrf

больше 3 лет назад

Security update for shapelib

ROS-20221025-01

CVSS3: 9.8

redos

около 3 лет назад

Уязвимость shapelib

EPSS

Процентиль: 60%

0.00394

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-416

CWE-415