cve-2022-3662
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 01:14
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability.
References
cna@vuldb.comhttps://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zipExploit, Third Party Advisory
cna@vuldb.comhttps://github.com/axiomatic-systems/Bento4/issues/802Exploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?id.212002Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zipExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/axiomatic-systems/Bento4/issues/802Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://vuldb.com/?id.212002Permissions Required, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/axiomatic-systems/Bento4/issues/802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.212002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bento4",
          "vendor": "Axiomatic",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-26T00:00:00",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://github.com/axiomatic-systems/Bento4/issues/802"
        },
        {
          "url": "https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip"
        },
        {
          "url": "https://vuldb.com/?id.212002"
        }
      ],
      "title": "Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-3662",
    "datePublished": "2022-10-26T00:00:00",
    "dateReserved": "2022-10-22T00:00:00",
    "dateUpdated": "2024-08-03T01:14:03.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3662\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2022-10-26T19:15:17.857\",\"lastModified\":\"2024-11-21T07:19:58.760\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en Axiomatic Bento4. Ha sido declarada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n GetOffset del archivo Ap4Sample.h del componente mp42hls. La manipulaci\u00f3n conlleva a un uso de memoria previamente liberada. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede ser usada. VDB-212002 es el identificador asignado a esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A003FBD1-339C-409D-A304-7FEE97E23250\"}]}]}],\"references\":[{\"url\":\"https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/axiomatic-systems/Bento4/issues/802\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.212002\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/axiomatic-systems/Bento4/files/9817606/mp42hls_cuaf_Ap4Sample99.zip\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/axiomatic-systems/Bento4/issues/802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.212002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.