CVE-2022-4584 - OpenCVE

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Axiosys	Bento4

Configuration 1 [-]

cpe:2.3:a:axiosys:bento4:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz	Exploit Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/818	Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.216170	Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.216170	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-12-17T00:00:00

Updated: 2023-10-20T14:08:48.784Z

Reserved: 2022-12-17T00:00:00

Link: CVE-2022-4584

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-17T13:15:09.483

Modified: 2024-05-17T02:16:47.623

Link: CVE-2022-4584

JSON object: View

Redhat Information

No data.

CWE

CWE-122

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4584", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2023-10-20T14:08:48.784Z", "dateReserved": "2022-12-17T00:00:00", "datePublished": "2022-12-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T14:08:48.784Z"}, "title": "Axiomatic Bento4 mp42aac heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "affected": [{"vendor": "Axiomatic", "product": "Bento4", "versions": [{"version": "1.6.0-639", "status": "affected"}], "modules": ["mp42aac"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in Axiomatic Bento4 bis 1.6.0-639 ausgemacht. Davon betroffen ist unbekannter Code der Komponente mp42aac. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2022-12-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2022-12-17T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2022-12-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-26T15:33:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.216170", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.216170", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/axiomatic-systems/Bento4/issues/818", "tags": ["issue-tracking"]}, {"url": "https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz", "tags": ["exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axiosys:bento4:*:*:*:*:*:*:*:*", "matchCriteriaId": "180AEBD6-AF89-4F0F-856E-D8B977C762C0", "versionEndIncluding": "1.6.0-639", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Axiomatic Bento4 hasta 1.6.0-639. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del componente mp42aac es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-216170 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2022-4584", "lastModified": "2024-05-17T02:16:47.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-12-17T13:15:09.483", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/files/10095915/POC2.tar.gz"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/axiomatic-systems/Bento4/issues/818"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.216170"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.216170"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}