From 87901724df9e7e3ad289ddbef64c904c9cbc4e7f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 12 Jan 2023 00:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/14xxx/CVE-2017-14454.json | 80 +++++++++++++++++++++++++++++----
 2022/4xxx/CVE-2022-4344.json | 82 ++++++++++++++++++++++++++++++++--
 2 files changed, 150 insertions(+), 12 deletions(-)
diff --git a/2017/14xxx/CVE-2017-14454.json b/2017/14xxx/CVE-2017-14454.json
index 1a610d68352..b00dc094850 100644
--- a/2017/14xxx/CVE-2017-14454.json
+++ b/2017/14xxx/CVE-2017-14454.json
@@ -1,17 +1,81 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-14454",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
- "data_type": "CVE",
 "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-14454",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the \"control\" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
+ "cweId": "CWE-120"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Insteon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hub",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Not specified",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
 }
 ]
 }
diff --git a/2022/4xxx/CVE-2022-4344.json b/2022/4xxx/CVE-2022-4344.json
index 03fe4865f29..61eabac09a1 100644
--- a/2022/4xxx/CVE-2022-4344.json
+++ b/2022/4xxx/CVE-2022-4344.json
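Review bot: In the CVE-2017-14454.json hunk the added `version_data` entry carries `"version_value": "Not specified"` with `"version_affected": "="`, while the new description names Insteon Hub firmware version 1012, so tooling that matches on the structured `affects` data cannot tie this record to the firmware the text identifies. If the CNA confirms that scope, the entry could read `"version_value": "1012"`. The description also ends with "The `strcpy` at [18]", a marker that presumably points into a code listing in the linked Talos report and resolves to nothing inside the record; dropping `at [18]` or naming the enclosing function would keep the sentence self-contained.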
@@ -4,15 +4,89 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-4344",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@gitlab.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Wireshark Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wireshark",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">=4.0.0, <4.0.2"
+ },
+ {
+ "version_value": ">=3.6.0, <3.6.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled memory allocation in Wireshark"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.wireshark.org/security/wnpa-sec-2022-10.html",
+ "url": "https://www.wireshark.org/security/wnpa-sec-2022-10.html",
+ "refsource": "MISC"
+ },
+ {
+ "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json",
+ "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json",
+ "refsource": "CONFIRM"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Sharon Brizinov"
+ }
+ ]
 }
\ No newline at end of file
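Review bot: The `impact.cvss` block added to CVE-2022-4344.json is not in the shape a CVSS parser expects: its `vectorString` has no version prefix and `cvss` is a bare object, whereas the CVE-2017-14454.json record in this same commit uses an array and a `CVSS:3.0/` prefix. Consumers that validate the prefix or iterate `cvss` as a list will skip or mis-handle this score; the line could read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"`. By my calculation the v3.1 round-up rule gives 6.3 for that vector rather than the recorded `"baseScore": 6.2`, which is worth confirming with the CNA. The vector also claims low confidentiality and integrity impact although the description states only denial of service, and the `problemtype` entry has no `cweId`, so CWE-based filtering will not pick this record up.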