A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing | Third Party Advisory |
https://github.com/tildearrow/furnace/issues/325 | Exploit Issue Tracking Patch Third Party Advisory |
https://vuldb.com/?id.196371 | Permissions Required Third Party Advisory |
Configurations
History
12 Apr 2022, 17:39
Type | Values Removed | Values Added |
---|---|---|
First Time |
Tildearrow furnace
Tildearrow |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
CWE | CWE-787 | |
References | (N/A) https://vuldb.com/?id.196371 - Permissions Required, Third Party Advisory | |
References | (N/A) https://github.com/tildearrow/furnace/issues/325 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (N/A) https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing - Third Party Advisory | |
CPE | cpe:2.3:a:tildearrow:furnace:dev73:*:*:*:*:*:*:* |
03 Apr 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-03 12:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1211
Mitre link : CVE-2022-1211
CVE.ORG link : CVE-2022-1211
JSON object : View
Products Affected
tildearrow
- furnace