
{
"id": "CVE-2022-31026",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-06-09T13:15:08.457",
"lastModified": "2022-06-15T18:26:27.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers."
},
{
"lang": "es",
"value": "Trilogy es una biblioteca cliente para MySQL. Durante la autenticaci\u00f3n, un servidor malicioso podr\u00eda devolver un paquete de autenticaci\u00f3n especialmente dise\u00f1ado, causando que el cliente lea y devuelva hasta 12 bytes de datos de una variable no inicializada en la memoria de la pila. Los usuarios de la gema trilogy deber\u00edan actualizar a la versi\u00f3n 2.1.1. Este problema puede evitarse conect\u00e1ndose \u00fanicamente a servidores confiables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trilogy_project:trilogy:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.1.1",
"matchCriteriaId": "9DBD25C5-280A-4303-8AEA-1389C45EB652"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}