CVE-2022-28664

Опубликовано: 05 авг. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

EPSS Низкий

Описание

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-mips has a vulnerable URL-decoding feature that can lead to memory corruption.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1509
Exploit
Technical Description
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1509
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:freshtomato:freshtomato:2022.1:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03266

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-whjh-pf6x-5rxq

CVSS3: 9.8

github

больше 3 лет назад

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption.

EPSS

Процентиль: 87%

0.03266

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787