cnvd - cnvd-2022-68930

cnvd-2022-68930

Vulnerability from cnvd

Title: VM2远程代码执行漏洞

Description:

VM2是一个沙箱，可以运行带有白名单节点内置模块的不可信代码。

VM2 3.9.11之前的版本存在远程代码执行漏洞，攻击者可以利用该漏洞绕过沙盒保护，以在运行沙盒的主机上获得远程代码执行权限。

Severity: 高

Patch Name: VM2远程代码执行漏洞的补丁

Patch Description:

VM2是一个沙箱，可以运行带有白名单节点内置模块的不可信代码。

VM2 3.9.11之前的版本存在远程代码执行漏洞，攻击者可以利用该漏洞绕过沙盒保护，以在运行沙盒的主机上获得远程代码执行权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-36067

Impacted products

Name
VM2 VM2 <3.9.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-36067",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-36067"
    }
  },
  "description": "VM2\u662f\u4e00\u4e2a\u6c99\u7bb1\uff0c\u53ef\u4ee5\u8fd0\u884c\u5e26\u6709\u767d\u540d\u5355\u8282\u70b9\u5185\u7f6e\u6a21\u5757\u7684\u4e0d\u53ef\u4fe1\u4ee3\u7801\u3002\n\nVM2 3.9.11\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6c99\u76d2\u4fdd\u62a4\uff0c\u4ee5\u5728\u8fd0\u884c\u6c99\u76d2\u7684\u4e3b\u673a\u4e0a\u83b7\u5f97\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-68930",
  "openTime": "2022-10-14",
  "patchDescription": "VM2\u662f\u4e00\u4e2a\u6c99\u7bb1\uff0c\u53ef\u4ee5\u8fd0\u884c\u5e26\u6709\u767d\u540d\u5355\u8282\u70b9\u5185\u7f6e\u6a21\u5757\u7684\u4e0d\u53ef\u4fe1\u4ee3\u7801\u3002\r\n\r\nVM2 3.9.11\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u6c99\u76d2\u4fdd\u62a4\uff0c\u4ee5\u5728\u8fd0\u884c\u6c99\u76d2\u7684\u4e3b\u673a\u4e0a\u83b7\u5f97\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VM2\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "VM2 VM2 \u003c3.9.11"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-36067",
  "serverity": "\u9ad8",
  "submitTime": "2022-09-08",
  "title": "VM2\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2022-36067 (GCVE-0-2022-36067)

Vulnerability from cvelistv5

Published

2022-09-06 00:00

Modified

2025-04-22 17:24

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Summary

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.

References

▼	URL	Tags
	https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq
	https://github.com/patriksimek/vm2/issues/467
	https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164
	https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71
	https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
	https://security.netapp.com/advisory/ntap-20221017-0002/

Impacted products

	Vendor	Product	Version
	patriksimek	vm2	Version: < 3.9.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:51:59.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/patriksimek/vm2/issues/467"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221017-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-36067",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:37:00.549158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:24:29.553Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vm2",
          "vendor": "patriksimek",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.9.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vm2 is a sandbox that can run untrusted code with whitelisted Node\u0027s built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"
        },
        {
          "url": "https://github.com/patriksimek/vm2/issues/467"
        },
        {
          "url": "https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"
        },
        {
          "url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
        },
        {
          "url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221017-0002/"
        }
      ],
      "source": {
        "advisory": "GHSA-mrgp-mrhc-5jrq",
        "discovery": "UNKNOWN"
      },
      "title": "vm2 vulnerable to Sandbox Escape before v3.9.11"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-36067",
    "datePublished": "2022-09-06T00:00:00.000Z",
    "dateReserved": "2022-07-15T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:24:29.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted