CVE-2022-3665 - OpenCVE

A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Axiosys	Bento4

Configuration 1 [-]

cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip
https://github.com/axiomatic-systems/Bento4/issues/794
https://vuldb.com/?id.212005

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-10-26T00:00:00

Updated: 2024-08-03T01:14:03.299Z

Reserved: 2022-10-22T00:00:00

Link: CVE-2022-3665

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-26T19:15:22.497

Modified: 2023-11-07T03:51:35.583

Link: CVE-2022-3665

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3665", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2024-08-03T01:14:03.299Z", "dateReserved": "2022-10-22T00:00:00", "datePublished": "2022-10-26T00:00:00"}, "containers": {"cna": {"title": "Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow", "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-10-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability."}], "affected": [{"vendor": "Axiomatic", "product": "Bento4", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/axiomatic-systems/Bento4/issues/794"}, {"url": "https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip"}, {"url": "https://vuldb.com/?id.212005"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow", "cweId": "CWE-119"}]}], "x_generator": "vuldb.com"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:03.299Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/axiomatic-systems/Bento4/issues/794", "tags": ["x_transferred"]}, {"url": "https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip", "tags": ["x_transferred"]}, {"url": "https://vuldb.com/?id.212005", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*", "matchCriteriaId": "A003FBD1-339C-409D-A304-7FEE97E23250", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Axiomatic Bento4. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo AvcInfo.cpp del componente avcinfo. La manipulaci\u00f3n conlleva a un desbordamiento del buffer en la regi\u00f3n heap de la memoria. El ataque puede ser lanzado remotamente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. Ha sido asignado el identificador VDB-212005 a esta vulnerabilidad"}], "id": "CVE-2022-3665", "lastModified": "2023-11-07T03:51:35.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-10-26T19:15:22.497", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/files/9746311/avcinfo_poc2.zip"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/issues/794"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.212005"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Secondary"}]}