Publish CVE-2022-2741

Add CVE-2022-2741 for GHSA-hx5v-j59q-c3j8 Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2025-05-07 11:06:39 +00:00 · 2022-10-24 14:33:38 -07:00 · 2022-10-24 14:33:38 -07:00 · 34d71bbc3b
commit 34d71bbc3b
parent 9a1d65a122
1 changed files with 71 additions and 4 deletions
--- a/2022/2xxx/CVE-2022-2741.json
+++ b/2022/2xxx/CVE-2022-2741.json
@ -4,15 +4,82 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-2741",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "vulnerabilities@zephyrproject.org",
+        "DATE_PUBLIC": "2022-10-24T00:00:00.000Z",
+        "STATE": "PUBLIC",
+        "TITLE": "can: denial-of-service can be triggered by a crafted CAN frame"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "zephyrproject-rtos",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "zephyr",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "v3.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vulnerable node (this can easily be guessed based on CAN traffic analyses). The frame must contain the opposite RTR bit as what the filter installed in the vulnerable node contains (if the filter matches RTR frames, the frame must be a data frame or vice versa)."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+            "attackVector": "Network",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "LOW",
+            "baseSeverity": "HIGH"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Uncontrolled Resource Consumption (CWE-400)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8",
+                "refsource": "MISC",
+                "name": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx5v-j59q-c3j8"
+        ]
    }
-}
+}