CVE-2022-42392
Published: 2023-01-26
Priority: P426 · medium · 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EPSS: 0.36% (27.7th percentile)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18661.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdf-xchange | pdf-xchange_editor | < 9.5.366.0 | 9.5.366.0 |
| pdf-xchange | pdf-xchange_editor | — | — |
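CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| ghsa | — | 9.8 | CRITICAL | — |
| osv | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |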
GHSA
GHSA-pf5g-rwhg-x29q: This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor
ghsa_unreviewed·2023-01-26
CVE-2022-42392 [MEDIUM] CWE-125 GHSA-pf5g-rwhg-x29q: This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor
OSV
h2database vulnerabilities
osv·2022-04-05·CVSS 9.8
CVE-2021-42392 h2database vulnerabilities
It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)
It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)
GHSA
Arbitrary code execution in H2 Console
ghsa·2022-01-21·CVSS 9.8
CVE-2022-23221 [CRITICAL] CWE-88 Arbitrary code execution in H2 Console
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
Oracle
Oracle Oracle Communications Risk Matrix: Policy (H2) — CVE-2021-42392
vendor_oracle·2022-04-15·CVSS 9.8
CVE-2021-42392 [CRITICAL] Oracle Oracle Communications Risk Matrix: Policy (H2) — CVE-2021-42392
Oracle Oracle Communications Risk Matrix: Policy (H2) vulnerability
CVE: CVE-2021-42392
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
Red Hat
h2: Loading of custom classes from remote servers through JNDI
vendor_redhat·2022-01-19·CVSS 9.8
CVE-2022-23221 [CRITICAL] CWE-502 h2: Loading of custom classes from remote servers through JNDI
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.
Statement: In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the
No detection rules found.
No public exploits indexed.