CVE-2022-43589 - OpenCVE

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Callback	Cbfs Filter

Configuration 1 [-]

cpe:2.3:a:callback:cbfs_filter:20.0.8317:*:*:*:*:*:*:*

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1648	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2022-11-22T00:00:00

Updated: 2023-02-01T17:31:39.386Z

Reserved: 2022-10-21T00:00:00

Link: CVE-2022-43589

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-28T11:15:10.700

Modified: 2023-02-07T18:58:10.387

Link: CVE-2022-43589

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:callback:cbfs_filter:20.0.8317:*:*:*:*:*:*:*", "matchCriteriaId": "03A2FC5F-A174-4E7C-8044-247DCFE1AA62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial of service. An attacker can issue an ioctl to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desreferencia de puntero nulo en la funcionalidad handle_ioctl_8314C de las tecnolog\u00edas de devoluci\u00f3n de llamada CBFS Filter 20.0.8317. Un paquete de solicitud de E/S (IRP) especialmente manipulada puede provocar una Denegaci\u00f3n de Servicio (DoS). Un atacante puede emitir un ioctl para desencadenar esta vulnerabilidad."}], "id": "CVE-2022-43589", "lastModified": "2023-02-07T18:58:10.387", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-28T11:15:10.700", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1648"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}