CVE-2022-36647

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/pkuvcl/davs2/issues/29	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:davs2_project:davs2:1.6.205:*:*:*:*:*:*:*

History

08 Sep 2022, 03:28

Type	Values Removed	Values Added
CWE		CWE-120
References	~~(MISC) https://github.com/pkuvcl/davs2/issues/29 -~~	(MISC) https://github.com/pkuvcl/davs2/issues/29 - Exploit, Issue Tracking, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Davs2 Project davs2 Davs2 Project
CPE		cpe:2.3:a:davs2_project:davs2:1.6.205:::::::*

02 Sep 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-02 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-36647

Mitre link : CVE-2022-36647

CVE.ORG link : CVE-2022-36647

JSON object : View

Products Affected

davs2_project

davs2

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

5.5 /10