{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-34668", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "assignerShortName": "nvidia", "dateUpdated": "2023-03-27T00:00:00", "dateReserved": "2022-06-27T00:00:00", "datePublished": "2022-08-29T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2023-03-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA FLARE", "versions": [{"version": "All versions prior to 2.1.4", "status": "affected"}]}], "references": [{"url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6"}, {"url": "http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "cweId": "CWE-502"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nvflare:*:*:*:*:*:*:*:*", "matchCriteriaId": "743CE31A-EC75-4F38-97E2-EB3DAC23F8E6", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity."}, {"lang": "es", "value": "NVFLARE, versiones anteriores a 2.1.4, contiene una vulnerabilidad que la Deserializaci\u00f3n de Datos No Confiables debido al uso de Pickle puede permitir a un atacante de red no privilegiado causar una Ejecuci\u00f3n de C\u00f3digo Remota, Denegaci\u00f3n de Servicio, e Impacto a la Confidencialidad e Integridad"}], "id": "CVE-2022-34668", "lastModified": "2023-03-27T18:15:11.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Primary"}]}, "published": "2022-08-29T03:15:07.720", "references": [{"source": "psirt@nvidia.com", "url": "http://packetstormsecurity.com/files/171483/NVFLARE-Unsafe-Deserialization.html"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://github.com/NVIDIA/NVFlare/security/advisories/GHSA-6qv6-q77g-7qm6"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}