CVE-2022-46377 - OpenCVE

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Weston-embedded	Uc-ftps

Configuration 1 [-]

cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/weston-embedded/uC-FTPs/pull/2	Patch
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681	Exploit Mitigation Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2023-05-10T15:23:52.324Z

Updated: 2023-05-10T17:00:06.089Z

Reserved: 2022-12-02T18:54:51.872Z

Link: CVE-2022-46377

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-10T16:15:10.153

Modified: 2023-05-18T21:23:25.000

Link: CVE-2022-46377

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weston-embedded:uc-ftps:1.98.00:*:*:*:*:*:*:*", "matchCriteriaId": "EBF1C85E-372F-44A2-B440-AC014D4801A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command."}], "id": "CVE-2022-46377", "lastModified": "2023-05-18T21:23:25.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-05-10T16:15:10.153", "references": [{"source": "talos-cna@cisco.com", "tags": ["Patch"], "url": "https://github.com/weston-embedded/uC-FTPs/pull/2"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-823"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}