CVE-2022-21211 - OpenCVE

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Posix Project	Posix

Configuration 1 [-]

cpe:2.3:a:posix_project:posix:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://snyk.io/vuln/SNYK-JS-POSIX-2400719	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2022-06-10T00:00:00

Updated: 2022-06-10T20:05:45

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-21211

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-10T20:15:07.890

Modified: 2022-07-08T18:18:58.267

Link: CVE-2022-21211

JSON object: View

Redhat Information

No data.

CWE

CWE-252

{"containers": {"cna": {"affected": [{"product": "posix", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Snyk Research Team"}], "datePublic": "2022-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-10T20:05:45", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"}], "title": "Denial of Service (DoS)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-06-10T20:00:15.627345Z", "ID": "CVE-2022-21211", "STATE": "PUBLIC", "TITLE": "Denial of Service (DoS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "posix", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Snyk Research Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-21211", "datePublished": "2022-06-10T00:00:00", "dateReserved": "2022-02-24T00:00:00", "dateUpdated": "2022-06-10T20:05:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:posix_project:posix:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7E3648A6-8068-4C8B-BE28-AB3AFF37E07E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete posix. Cuando es invocado el m\u00e9todo toString, es devuelto al valor 0x0, ya que el valor de toString no es invocable (no es una funci\u00f3n), y entonces es bloqueado con la comprobaci\u00f3n de tipo"}], "id": "CVE-2022-21211", "lastModified": "2022-07-08T18:18:58.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-06-10T20:15:07.890", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-POSIX-2400719"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}]}