Vulnerability Name: | CVE-2022-25308 (CCN-229319) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2021-12-21 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2021-12-21 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2023-02-12 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-121 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-25308 Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: Red Hat Bugzilla Bug 2047890 (CVE-2022-25308) - CVE-2022-25308 fribidi: Stack based buffer overflow Source: secalert@redhat.com Type: Issue Tracking, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN gnufribidi-cve202225308-bo(229319) Source: CCN Type: FriBidi GIT Repository stack-buffer-overflow on address 0x7ffda2c0112f at pc 0x5580929d7ab5 bp 0x7ffda2bc1820 sp 0x7ffda2bc1810 #181 Source: secalert@redhat.com Type: Exploit, Patch, Third Party Advisory secalert@redhat.com Source: secalert@redhat.com Type: Exploit, Third Party Advisory secalert@redhat.com Source: CCN Type: SNYK-UNMANAGED-FRIBIDIFRIBIDI-2405696 Buffer Overflow Source: CCN Type: IBM Security Bulletin 6843925 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-25308 Source: CCN Type: Mend Vulnerability Database CVE-2022-25308 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1: ![]() | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
BACK |