admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-02 00:00:59 +00:00
parent 215168b347
commit a7dd84b8e0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 528 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
2022/3xxx/CVE-2022-3199.json
View File

@ -62,6 +62,16 @@
"url": "https://crbug.com/1355237",
"refsource": "MISC",
"name": "https://crbug.com/1355237"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
},
{
"url": "https://security.gentoo.org/glsa/202209-23",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202209-23"
}
]
}

10
2022/3xxx/CVE-2022-3200.json
View File

@ -62,6 +62,16 @@
"url": "https://crbug.com/1355103",
"refsource": "MISC",
"name": "https://crbug.com/1355103"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
},
{
"url": "https://security.gentoo.org/glsa/202209-23",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202209-23"
}
]
}

20
2022/3xxx/CVE-2022-3201.json
View File

@ -62,6 +62,26 @@
"url": "https://crbug.com/1343104",
"refsource": "MISC",
"name": "https://crbug.com/1343104"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"
},
{
"url": "https://security.gentoo.org/glsa/202209-23",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202209-23"
},
{
"url": "https://www.debian.org/security/2022/dsa-5244",
"refsource": "MISC",
"name": "https://www.debian.org/security/2022/dsa-5244"
},
{
"url": "https://security.gentoo.org/glsa/202210-16",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202210-16"
}
]
}

40
2022/3xxx/CVE-2022-3602.json
View File

@ -86,6 +86,46 @@
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"refsource": "CISCO",
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"refsource": "GENTOO",
"name": "GLSA-202211-01",
"url": "https://security.gentoo.org/glsa/202211-01"
}
]
}

40
2022/3xxx/CVE-2022-3786.json
View File

@ -86,6 +86,46 @@
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/16"
},
{
"refsource": "CISCO",
"name": "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/21"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/19"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/18"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/20"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/24"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)",
"url": "http://www.openwall.com/lists/oss-security/2022/11/01/17"
},
{
"refsource": "GENTOO",
"name": "GLSA-202211-01",
"url": "https://security.gentoo.org/glsa/202211-01"
}
]
}

70
2022/3xxx/CVE-2022-3809.json
View File

@ -4,78 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3809",
"TITLE": "Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/779",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/779"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip"
},
{
"url": "https://vuldb.com/?id.212666",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212666"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2022/3xxx/CVE-2022-3810.json
View File

@ -4,78 +4,14 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3810",
"TITLE": "Axiomatic Bento4 mp42hevc Mp42Hevc.cpp AP4_File denial of service",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212667."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/779",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/779"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9653209/poc_Bento4.zip"
},
{
"url": "https://vuldb.com/?id.212667",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212667"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2022/3xxx/CVE-2022-3812.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4encrypt AP4_ContainerAtom memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9726934/POC_mp4encrypt_631000973.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9726934/POC_mp4encrypt_631000973.zip"
},
{
"url": "https://vuldb.com/?id.212678",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212678"
}
]
}

70
2022/3xxx/CVE-2022-3813.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4edit memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9726974/POC_mp4edit_728838793.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9726974/POC_mp4edit_728838793.zip"
},
{
"url": "https://vuldb.com/?id.212679",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212679"
}
]
}

70
2022/3xxx/CVE-2022-3814.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4decrypt memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9727002/POC_mp4decrypt_477546304.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9727002/POC_mp4decrypt_477546304.zip"
},
{
"url": "https://vuldb.com/?id.212680",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212680"
}
]
}

70
2022/3xxx/CVE-2022-3815.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4decrypt memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip"
},
{
"url": "https://vuldb.com/?id.212681",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212681"
}
]
}

70
2022/3xxx/CVE-2022-3816.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3816",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4decrypt memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9727059/POC_mp4decrypt_654515280.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9727059/POC_mp4decrypt_654515280.zip"
},
{
"url": "https://vuldb.com/?id.212682",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212682"
}
]
}

70
2022/3xxx/CVE-2022-3817.json
View File

@ -4,14 +4,78 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Axiomatic Bento4 mp4mux memory leak",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Axiomatic",
"product": {
"product_data": [
{
"product_name": "Bento4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service -> CWE-401 Memory Leak"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/792",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/issues/792"
},
{
"url": "https://github.com/axiomatic-systems/Bento4/files/9727057/POC_mp4mux_1729452038.zip",
"refsource": "MISC",
"name": "https://github.com/axiomatic-systems/Bento4/files/9727057/POC_mp4mux_1729452038.zip"
},
{
"url": "https://vuldb.com/?id.212683",
"refsource": "MISC",
"name": "https://vuldb.com/?id.212683"
}
]
}