OpenCVE

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kujirahand	Nadesiko3

Configuration 1 [-]

cpe:2.3:a:kujirahand:nadesiko3:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/kujirahand/nadesiko3/issues/1325
https://github.com/kujirahand/nadesiko3/issues/1347
https://jvn.jp/en/jp/JVN56968681/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-12-05T00:00:00

Updated: 2024-08-03T12:49:43.800Z

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-41777

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-05T04:15:09.917

Modified: 2024-11-21T07:23:49.523

Link: CVE-2022-41777

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kujirahand:nadesiko3:*:*:*:*:*:*:*:*", "matchCriteriaId": "83992A39-068D-480C-BDB4-5A32CA5606AE", "versionEndIncluding": "3.3.74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash."}, {"lang": "es", "value": "Vulnerabilidad de verificaci\u00f3n o manejo inadecuado de condiciones excepcionales en Nako3edit, componente editor de nadesiko3 (versi\u00f3n para PC) v3.3.74 y anteriores, permite a un atacante remoto inyectar un valor no v\u00e1lido para decodeURIComponent de nako3edit, lo que puede provocar que el servidor falle."}], "id": "CVE-2022-41777", "lastModified": "2024-11-21T07:23:49.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T04:15:09.917", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kujirahand/nadesiko3/issues/1325"}, {"source": "vultures@jpcert.or.jp", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/kujirahand/nadesiko3/issues/1347"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN56968681/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kujirahand/nadesiko3/issues/1325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/kujirahand/nadesiko3/issues/1347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN56968681/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}