exploitDog

CVE-2022-45909

Опубликовано: 26 нояб. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.

Ссылки

https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490
Patch
Third Party Advisory
https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19
Patch
Third Party Advisory
https://github.com/drachtio/drachtio-server/pull/238
Third Party Advisory
https://github.com/drachtio/drachtio-server/commit/a63d01854987d9fd846cdc9265af38ee9eb72490
Patch
Third Party Advisory
https://github.com/drachtio/drachtio-server/compare/v0.8.18...v0.8.19
Patch
Third Party Advisory
https://github.com/drachtio/drachtio-server/pull/238
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:drachtio:drachtio-server:*:*:*:*:*:*:*:*

Версия до 0.8.19 (исключая)

EPSS

Процентиль: 66%

0.00525

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-w3rv-r6q7-vcpw

CVSS3: 9.1

github

около 3 лет назад

drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.

EPSS

Процентиль: 66%

0.00525

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-125

CWE-125