CVE-2022-35020

MEDIUM5.5

Advancecomp v2

Published Aug 29, 2022

Modified 1 years ago

Details

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.

References

WEB

https://drive.google.com/file/d/1ScTmAEmHSHvmyDnELYV1DzQTAAAm7XS9/view?usp=sharing

WEB

https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2022-35020

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedAug 29, 2022

ModifiedAug 3, 2024

CVE-2022-35020 | Mondoo Vulnerability Intelligence