CVE-2022-2301 - OpenCVE

Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chafa Project	Chafa

Configuration 1 [-]

cpe:2.3:a:chafa_project:chafa:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9
https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-07-04T10:30:22

Updated: 2024-08-03T00:32:09.618Z

Reserved: 2022-07-04T00:00:00

Link: CVE-2022-2301

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-04T11:15:13.357

Modified: 2022-07-12T16:13:05.917

Link: CVE-2022-2301

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "hpjansson/chafa", "vendor": "hpjansson", "versions": [{"lessThan": "1.10.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-04T10:30:22", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9"}], "source": {"advisory": "f6b9114b-671d-4948-b946-ffe5c9aeb816", "discovery": "EXTERNAL"}, "title": "Buffer Over-read in hpjansson/chafa", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2301", "STATE": "PUBLIC", "TITLE": "Buffer Over-read in hpjansson/chafa"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "hpjansson/chafa", "version": {"version_data": [{"version_affected": "<", "version_value": "1.10.3"}]}}]}, "vendor_name": "hpjansson"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126 Buffer Over-read"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816"}, {"name": "https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9", "refsource": "MISC", "url": "https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9"}]}, "source": {"advisory": "f6b9114b-671d-4948-b946-ffe5c9aeb816", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:09.618Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9"}]}]}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2301", "datePublished": "2022-07-04T10:30:22", "dateReserved": "2022-07-04T00:00:00", "dateUpdated": "2024-08-03T00:32:09.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chafa_project:chafa:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A004083-B486-4D70-B91C-599EACD977C5", "versionEndExcluding": "1.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3."}, {"lang": "es", "value": "Una Lectura Excesiva del b\u00fafer en el repositorio de GitHub hpjansson/chafa versiones anteriores a 1.10.3"}], "id": "CVE-2022-2301", "lastModified": "2022-07-12T16:13:05.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-04T11:15:13.357", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-126"}], "source": "security@huntr.dev", "type": "Secondary"}]}