CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.
Configurations

Configuration 1


Information

Published : 2022-06-17 02:15

Updated : 2022-06-28 02:12


NVD link : CVE-2022-31246

Mitre link : CVE-2022-31246

Products Affected
No products.
CWE