CVE-2022-25885 - OpenCVE

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Muhammara Project	Muhammara

Configuration 1 [-]

cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/galkahana/HummusJS/issues/439
https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c
https://github.com/julianhille/MuhammaraJS/issues/188
https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139
https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-11-01T05:05:18.156250Z

Updated: 2024-09-16T23:51:41.009Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25885

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-01T05:15:09.810

Modified: 2022-11-01T19:20:57.707

Link: CVE-2022-25885

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-25885", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "datePublished": "2022-11-01T05:05:18.156250Z", "dateUpdated": "2024-09-16T23:51:41.009Z", "dateReserved": "2022-02-24T00:00:00"}, "containers": {"cna": {"title": "Denial of Service (DoS)", "datePublic": "2022-11-01T00:00:00", "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2022-11-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data."}], "affected": [{"vendor": "n/a", "product": "muhammara", "versions": [{"version": "unspecified", "lessThan": "2.6.0", "status": "affected", "versionType": "custom"}]}, {"vendor": "n/a", "product": "hummus", "versions": [{"version": "0", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139"}, {"url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c"}, {"url": "https://github.com/julianhille/MuhammaraJS/issues/188"}, {"url": "https://github.com/galkahana/HummusJS/issues/439"}], "credits": [{"lang": "en", "value": "Julian Hille"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service (DoS)"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:44.142Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139", "tags": ["x_transferred"]}, {"url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c", "tags": ["x_transferred"]}, {"url": "https://github.com/julianhille/MuhammaraJS/issues/188", "tags": ["x_transferred"]}, {"url": "https://github.com/galkahana/HummusJS/issues/439", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7E8836C1-85F5-4C9B-B050-A9B7E569CCBB", "versionEndExcluding": "2.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data."}, {"lang": "es", "value": "El paquete muhammara antes de 2.6.0; Todas las versiones del paquete hummus son vulnerables a la Denegaci\u00f3n de Servicio (DoS) cuando se utiliza PDFStreamForResponse() con datos no v\u00e1lidos."}], "id": "CVE-2022-25885", "lastModified": "2022-11-01T19:20:57.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-11-01T05:15:09.810", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/galkahana/HummusJS/issues/439"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/julianhille/MuhammaraJS/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c"}, {"source": "report@snyk.io", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/julianhille/MuhammaraJS/issues/188"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091139"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3091137"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}