
exploitDog

CVE-2022-48554

Published: 21 Jan 2022
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.

Mitigation

Do not process untrusted files with the file program.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | file | Out of support scope | | |
| Red Hat Enterprise Linux 7 | file | Out of support scope | | |
| Red Hat Enterprise Linux 8 | file | Not affected | | |
| Red Hat Enterprise Linux 9 | file | Fixed | RHSA-2024:2512 | 30.04.2024 |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2235714
file: stack-based buffer over-read in file_copystr in funcs.c

EPSS

Percentile: 5%
0.00023
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 2 years ago

File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

CVSS3: 5.5
nvd
about 2 years ago

File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.

CVSS3: 5.5
msrc
11 months ago

No description

CVSS3: 5.5
debian
about 2 years ago

File before 5.43 has a stack-based buffer over-read in file_copystr i ...

rocky
more than 1 year ago

Low: file security update
