CVE-2022-1543 - OpenCVE

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Erudika	Scoold

Configuration 1 [-]

cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce
https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-04-29T18:10:09

Updated: 2024-08-03T00:10:03.981Z

Reserved: 2022-04-29T00:00:00

Link: CVE-2022-1543

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-04-29T18:15:08.843

Modified: 2022-05-11T13:35:57.023

Link: CVE-2022-1543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "erudika/scoold", "vendor": "erudika", "versions": [{"lessThan": "1.49.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-29T18:10:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce"}], "source": {"advisory": "9889d435-3b9c-4e9d-93bc-5272e0723f9f", "discovery": "EXTERNAL"}, "title": "Improper handling of Length parameter in erudika/scoold", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1543", "STATE": "PUBLIC", "TITLE": "Improper handling of Length parameter in erudika/scoold"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "erudika/scoold", "version": {"version_data": [{"version_affected": "<", "version_value": "1.49.4"}]}}]}, "vendor_name": "erudika"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-130 Improper Handling of Length Parameter Inconsistency"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f"}, {"name": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce", "refsource": "MISC", "url": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce"}]}, "source": {"advisory": "9889d435-3b9c-4e9d-93bc-5272e0723f9f", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.981Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1543", "datePublished": "2022-04-29T18:10:09", "dateReserved": "2022-04-29T00:00:00", "dateUpdated": "2024-08-03T00:10:03.981Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:erudika:scoold:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5AE1369-8484-493D-9DC2-6FE34C4E29BE", "versionEndExcluding": "1.49.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server."}, {"lang": "es", "value": "Un Manejo Inapropiado del Par\u00e1metro Length en el repositorio de GitHub erudika/scoold versiones anteriores a 1.49.4. Cuando el tama\u00f1o del texto es lo suficientemente grande, el servicio resulta en una interrupci\u00f3n moment\u00e1nea en un entorno de producci\u00f3n. Esto puede conllevar a una corrupci\u00f3n de memoria en el servidor"}], "id": "CVE-2022-1543", "lastModified": "2022-05-11T13:35:57.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-29T18:15:08.843", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-130"}], "source": "security@huntr.dev", "type": "Secondary"}]}