CVE-2022-43703Uncontrolled Search Path Element in ARM DS Development Studio

CWE-427Uncontrolled Search Path Element2 documents2 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ARM DS Development Studio
Timeline
PublishedJul 27
Latest updateJul 28

Description

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDarm/ds_development_studio5.0.05.29.3

🔴Vulnerability Details

1
GHSA
GHSA-hpg6-hp9w-vxqp: An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being2023-07-28