CVE-2022-36330 — Classic Buffer Overflow in IBI

CWE-120 — Classic Buffer Overflow2 documents2 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 39.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sandisk IBI Western Digital MY Cloud Home AND MY Cloud Home DUO Westerndigital MY Cloud Home DUO Firmware +2 more

Timeline

PublishedMay 10

Latest updateJul 6

Description

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

▶NVDwesterndigital/my_cloud_home_firmware< 9.4.0-191

▶NVDwesterndigital/my_cloud_home_duo_firmware< 9.4.0-191

▶CVEListV5western_digital/my_cloud_home_and_my_cloud_home_duo< 9.4.0-191

▶NVDwesterndigital/sandisk_ibi_firmware< 9.4.0-191

▶CVEListV5sandisk/ibi< 9.4.0-191

🔴Vulnerability Details

GHSA

GHSA-gvrx-2pqj-7jjm: A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western D↗2023-07-06

▶