Vulnerability Name:

CVE-2022-3756 (CCN-240424)

Assigned:2022-09-06
Published:2022-09-06
Updated:2022-11-21
Summary:** REJECT ** DO NOT USE THIS CANDIDATE NUMBER.
ConsultIDs: none.
Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.
Notes: none.
CVSS v3 Severity:8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-3756

Source: XF
Type: UNKNOWN
exiv2-cve20223756-bo(240424)

Source: CCN
Type: Exiv2 GIT Repository
Avoid potential integer overflow.

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:exiv2:exiv2:0.27:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    exiv2 exiv2 0.27