ByteOS Network

NVD Vulnerability Details :

CVE-2022-2652

Analyzed

Source-security@huntr.dev

Published At-04 Aug, 2022 | 10:15

Updated At-10 Aug, 2022 | 13:40

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Secondary	3.0	7.3	HIGH	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

Type: Primary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

CPE Matches

v4l2loopback_project>>v4l2loopback>>Versions before 0.12.6(exclusive)

cpe:2.3:o:v4l2loopback_project:v4l2loopback:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-134	Primary	security@huntr.dev

CWE ID: CWE-134

Type: Primary

Source: security@huntr.dev

References

Hyperlink	Source	Resource
https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd	security@huntr.dev	Patch Third Party Advisory
https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5	security@huntr.dev	Exploit Issue Tracking Patch Third Party Advisory

Hyperlink: https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd

Source: security@huntr.dev

Resource:

Patch

Third Party Advisory

Hyperlink: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5

Source: security@huntr.dev

Resource:

Exploit

Issue Tracking

Patch

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History