CVE-2022-1908 - OpenCVE

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Libmobi Project	Libmobi

Configuration 1 [-]

cpe:2.3:a:libmobi_project:libmobi:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba	Patch Third Party Advisory
https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2022-05-27T08:35:16

Updated: 2022-05-27T08:35:16

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-1908

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-27T09:15:08.273

Modified: 2022-06-03T15:14:42.907

Link: CVE-2022-1908

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "bfabiszewski/libmobi", "vendor": "bfabiszewski", "versions": [{"lessThan": "0.11", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "CWE-126 Buffer Over-read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-27T08:35:16", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8"}], "source": {"advisory": "a7436e88-0488-4bd4-816f-2e2c803e93e8", "discovery": "EXTERNAL"}, "title": "Buffer Over-read in bfabiszewski/libmobi", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-1908", "STATE": "PUBLIC", "TITLE": "Buffer Over-read in bfabiszewski/libmobi"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bfabiszewski/libmobi", "version": {"version_data": [{"version_affected": "<", "version_value": "0.11"}]}}]}, "vendor_name": "bfabiszewski"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-126 Buffer Over-read"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba", "refsource": "MISC", "url": "https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba"}, {"name": "https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8"}]}, "source": {"advisory": "a7436e88-0488-4bd4-816f-2e2c803e93e8", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-1908", "datePublished": "2022-05-27T08:35:16", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2022-05-27T08:35:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libmobi_project:libmobi:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FF60ACA-0257-493F-A0F1-CD257EFDAC33", "versionEndExcluding": "0.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11."}, {"lang": "es", "value": "Una Lectura excesiva del Buffer en el repositorio de GitHub bfabiszewski/libmobi versiones anteriores a 0.11"}], "id": "CVE-2022-1908", "lastModified": "2022-06-03T15:14:42.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-27T09:15:08.273", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-126"}], "source": "security@huntr.dev", "type": "Secondary"}]}