CVE-2022-35015Out-of-bounds Write in Advancecomp

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 60.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Advancemame AdvancecompFedoraproject Fedora
Timeline
PublishedAug 29
Latest updateFeb 1

Description

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianadvancemame/advancecomp< 2.4-1+2
Ubuntuadvancemame/advancecomp< 2.1-1ubuntu0.18.04.3+3

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

4
OSV
advancecomp vulnerabilities2023-02-01
GHSA
GHSA-vrhv-32q9-93jj: Advancecomp v22022-08-29
OSV
CVE-2022-35015: Advancecomp v22022-08-29
CVEList
CVE-2022-35015: Advancecomp v22022-08-29

📋Vendor Advisories

3
Ubuntu
AdvanceCOMP vulnerabilities2023-02-01
Red Hat
advancecomp: heap-buffer-overflow in le_uint32_read() in lib/endianrw.h2022-08-29
Debian
CVE-2022-35015: advancecomp - Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_...2022
CVE-2022-35015 — Out-of-bounds Write in Advancecomp | cvebase