CVE-2022-44751
published 2022-12-19CVE-2022-44751: HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker…
PriorityP338high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.65%
46.3th percentile
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hcl_software | notes | — | — |
| hcltech | notes | — | — |
| hcltech | notes | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-78jw-247w-7prv: IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr
ghsa_unreviewed·2022-12-19·CVSS 9.8
CVE-2022-44755 [CRITICAL] CWE-787 GHSA-78jw-247w-7prv: IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751.
GHSA
GHSA-f4jm-h9rm-vw6q: IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr
ghsa_unreviewed·2022-12-19·CVSS 9.8
CVE-2022-44751 [CRITICAL] CWE-787 GHSA-f4jm-h9rm-vw6q: IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr
IBM Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-19
Published