CVE-2022-47515
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0067
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
170
Improper Null Termination
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Other
Potential Impacts:
Read Memory
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Modify Memory
Alter Execution Logic
Applicable Platforms
Languages:
C, C++
Application
Drachtio-Server by Drachtio
Version Range Affected
To
0.8.20
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:drachtio:drachtio-server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/drachtio/drachtio-server/commit/4cf9fe2c420b86c16442215d449d…
https://github.com/drachtio/drachtio-server/issues/245
https://github.com/drachtio/drachtio-server/commit/4cf9fe2c420b86c16442215d449d…
https://github.com/drachtio/drachtio-server/issues/245