CVE-2022-34823
Published 2022-11-08
Priority: P3 53 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.22% (65.0th percentile)
Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fdkaac_project | fdkaac | >= 0 < 0.6.2-1ubuntu0.1~esm1 | 0.6.2-1ubuntu0.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 0.6.3-1ubuntu0.18.04.1~esm1 | 0.6.3-1ubuntu0.18.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 0.6.3-1ubuntu0.20.04.1~esm1 | 0.6.3-1ubuntu0.20.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 1.0.0-1ubuntu0.22.04.1~esm1 | 1.0.0-1ubuntu0.22.04.1~esm1 |
| fdkaac_project | fdkaac | >= 0 < 1.0.0-1ubuntu0.24.04.1~esm1 | 1.0.0-1ubuntu0.24.04.1~esm1 |
| nec | expresscluster_x | <= 5.0 | — |
| nec | expresscluster_x_singleserversafe | <= 5.0 | — |
| nec_corporation | clusterpro_x | — | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 5.5 MEDIUM
VulDB
NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows buffer overflow (EUVD-2022-37729)
vuldb·2026-06-14·CVSS 9.8
CVE-2022-34823 [CRITICAL] NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows buffer overflow (EUVD-2022-37729)
A vulnerability classified as critical was found in NEC CLUSTERPRO X and EXPRESSCLUSTER X up to 5.0 on Windows. This issue affects some unknown processing. Such manipulation leads to buffer overflow.
This vulnerability is documented as CVE-2022-34823. The attack can be executed remotely. There is not any exploit available.
OSV
fdkaac vulnerabilities
osv·2025-07-22·CVSS 5.5
CVE-2022-36148 fdkaac vulnerabilities
It was discovered that fdkaac did not correctly handle certain input. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2022-36148)
It was discovered that fdkaac did not correctly handle certain memory
operations. If a user or automated system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. (CVE-2022-37781, CVE-2023-34823, CVE-2023-34824)
GHSA
GHSA-qq8m-wq89-2wqp: Buffer overflow vulnerability in CLUSTERPRO X 5
ghsa_unreviewed·2022-11-09
CVE-2022-34823 [CRITICAL] CWE-120 GHSA-qq8m-wq89-2wqp: Buffer overflow vulnerability in CLUSTERPRO X 5
Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.