CVE Vulnerability

CVE-2022-36313

An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/sindresorhus/file-type/releases/tag/v16.5.4 Release Notes Third Party Advisory
https://github.com/sindresorhus/file-type/releases/tag/v17.1.3 Release Notes Third Party Advisory
https://www.npmjs.com/package/file-type Product Third Party Advisory
https://security.netapp.com/advisory/ntap-20220909-0005/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:file-type_project:file-type:*:*:*:*:*:node.js:*:*
cpe:2.3:a:file-type_project:file-type:*:*:*:*:*:node.js:*:*
Information

Published : 2022-07-21 04:15

Updated : 2022-10-27 01:25

NVD link : CVE-2022-36313

Mitre link : CVE-2022-36313

Products Affected
No products.
CWE
CWE-835