CVE-2022-37347

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 66.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Security Trend Micro Trend Micro Security (consumer)

Timeline

PublishedSep 19

Latest updateSep 20

Description

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_security_(consumer)2022 (17.7.1383 and below)

▶NVDtrendmicro/security17.7.1383

Patches

Patch: helpcenter.trendmicro.com ↗Patch: helpcenter.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-h526-2w67-6rr7: Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker↗2022-09-20

▶

CVEList

CVE-2022-37347: Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker↗2022-09-19

▶