CVE-2022-28665

Опубликовано: 05 авг. 2022

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

EPSS Низкий

Описание

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that can lead to memory corruption.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1509
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1509
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:freshtomato:freshtomato:2022.1:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03958

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-mxph-pm8g-2q9m

CVSS3: 9.8

github

больше 3 лет назад

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption.

EPSS

Процентиль: 88%

0.03958

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-787