CVE-2022-48620

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-48620
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 Patch
https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1 Release Notes
https://github.com/troglobit/libuev/issues/27 Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/
Configurations

Configuration 1 (hide)

cpe:2.3:a:troglobit:libeuv:*:*:*:*:*:*:*:*
History

23 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/ -

21 Mar 2024, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/ -

20 Jan 2024, 18:44

Type Values Removed Values Added
CWE CWE-120
References () https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 - () https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 - Patch
References () https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1 - () https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1 - Release Notes
References () https://github.com/troglobit/libuev/issues/27 - () https://github.com/troglobit/libuev/issues/27 - Issue Tracking
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:troglobit:libeuv:*:*:*:*:*:*:*:*
First Time Troglobit
Troglobit libeuv

12 Jan 2024, 13:47

Type Values Removed Values Added
Summary
  • (es) uev (aka libuev) anterior a 2.4.1 tiene un desbordamiento de búfer en epoll_wait si maxevents es un número grande.

12 Jan 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-12 04:15

Updated : 2024-03-23 03:15

NVD link : CVE-2022-48620

Mitre link : CVE-2022-48620

CVE.ORG link : CVE-2022-48620

JSON object : View

Products Affected

troglobit

  • libeuv
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')