CVE Vulnerability

CVE-2022-23462

IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit a79d31e4cff1d5a08f665574b29fd885897a28fd in the `master` branch of the repository. There are no workarounds other than applying the patch.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://securitylab.github.com/advisories/GHSL-2022-066_iowow/ Exploit Third Party Advisory
https://github.com/Softmotions/iowow/commit/a79d31e4cff1d5a08f665574b29fd885897a28fd Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:softmotions:iowow:*:*:*:*:*:*:*:*
Information

Published : 2022-10-21 10:15

Updated : 2022-10-24 04:08

NVD link : CVE-2022-23462

Mitre link : CVE-2022-23462

Products Affected
No products.
CWE
CWE-787