CVE-2022-23462

Опубликовано: 21 окт. 2022

Источник: nvd

CVSS3: 6.2

CVSS3: 7.5

EPSS Низкий

Описание

IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the master branch of the repository. There are no workarounds other than applying the patch.

Ссылки

https://github.com/Softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-066_iowow/
Exploit
Third Party Advisory
https://github.com/Softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd
Patch
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-066_iowow/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softmotions:iowow:*:*:*:*:*:*:*:*

Версия до 1.4.15 (включая)

EPSS

Процентиль: 44%

0.00215

Низкий

6.2 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120

CWE-787

Связанные уязвимости

GHSA-6gqv-x5rh-36m4

CVSS3: 7.5

github

больше 3 лет назад

IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch.

EPSS

Процентиль: 44%

0.00215

Низкий

6.2 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120

CWE-787