search

nanopathi / linux-4.19.72_CVE-2021-32399

Other
0 stars 0 forks source link

CVE-2022-0435 (High) detected in linuxlinux-4.19.236, linuxlinux-4.19.236 #6

Open mend-bolt-for-github[bot] opened 2 years ago

mend-bolt-for-github[bot] commented 2 years ago

CVE-2022-0435 - High Severity Vulnerability

Vulnerable Libraries - linuxlinux-4.19.236, linuxlinux-4.19.236

Vulnerability Details

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Publish Date: 2022-03-25

URL: CVE-2022-0435

CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-0435

Release Date: 2022-03-25

Fix Resolution: linux-libc-headers - 5.14;linux-yocto - 4.8.26+gitAUTOINC+1c60e003c7_27efc3ba68,5.4.20+gitAUTOINC+c11911d4d1_f4d7dbafb1

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.