CVE-2022-22271
published 2022-01-10
CVE-2022-22271: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
Priority: P426, medium, 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.11% (1.5th percentile)
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= P(9.0), Q(10.0), R(11.0) < SMR Jan-2022 Release 1 | SMR Jan-2022 Release 1 |
CVSS provenance
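| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | | 8.2 | HIGH | |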
GHSA
Spring Cloud Function Framework vulnerable to Denial of Service
ghsa·2024-07-09
CVE-2024-22271 [HIGH] CWE-20 Spring Cloud Function Framework vulnerable to Denial of Service
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
- User is using Spring Cloud Function Web module
Affected Spring Products and Versions:
Spring Cloud Function Framework
- 4.1.0 to 4.1.2
- 4.0.0 to 4.0.8
References:
- https://spring.io/security/cve-2022-22979
- https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/
History:
- 2020-01-16: Initial vulnerability report published.
GHSA
GHSA-mjgc-6w7g-2jm9: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory
ghsa_unreviewed·2022-01-11
CVE-2022-22271 [MEDIUM] CWE-125 GHSA-mjgc-6w7g-2jm9: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
Red Hat
spring-cloud-function-context: Spring Cloud Function Web DOS Vulnerability
vendor_redhat·2024-07-09·CVSS 8.2
CVE-2024-22271 [HIGH] CWE-400 spring-cloud-function-context: Spring Cloud Function Web DOS Vulnerability
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.
Specifically, an application is vulnerable when all of the following are true:
- User is using Spring Cloud Function Web module
Affected Spring Products and Versions:
Spring Cloud Function Framework
- 4.1.0 to 4.1.2
- 4.0.0 to 4.0.8
References:
- https://spring.io/security/cve-2022-22979
- https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/
History:
- 2020-01-16: Initial vulnerability report published.
A flaw was found in the Spring Cloud Function framework. Affected versions of thi
No detection rules found.
No public exploits indexed.
Published: 2022-01-10