6.5

CVE-2022-1289

Exploit

tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. The cause is an incomplete fix of CVE-2022-1211. The attack can be initiated remotely, but it requires user interaction. The issue was fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
Data provided by the National Vulnerability Database (NVD)
Tildearrow Furnace Version -
Tildearrow Furnace Version 0.2
Tildearrow Furnace Version 0.2.1
Tildearrow Furnace Version 0.2.2
Tildearrow Furnace Version 0.3
Tildearrow Furnace Version 0.3.1
Tildearrow Furnace Version 0.4
Tildearrow Furnace Version 0.4.1
Tildearrow Furnace Version 0.4.2
Tildearrow Furnace Version 0.4.3
Tildearrow Furnace Version 0.4.4
Tildearrow Furnace Version 0.4.5
Tildearrow Furnace Version 0.4.5 Update real
Tildearrow Furnace Version 0.4.6
Tildearrow Furnace Version 0.4.7
Tildearrow Furnace Version 0.5
Tildearrow Furnace Version 0.5.1
Tildearrow Furnace Version 0.5.2
Tildearrow Furnace Version 0.5.3
Tildearrow Furnace Version 0.5.4
Tildearrow Furnace Version 0.5.5
Tildearrow Furnace Version 0.5.6
Tildearrow Furnace Version 0.5.7 Update -
Tildearrow Furnace Version 0.5.7 Update pre4
Tildearrow Furnace Version 0.5.8
Tildearrow Furnace Version 0.6 Update pre0
Tildearrow Furnace Version dev5
Tildearrow Furnace Version dev6
Tildearrow Furnace Version dev7
Tildearrow Furnace Version dev8
Tildearrow Furnace Version dev9
Tildearrow Furnace Version dev10
Tildearrow Furnace Version dev62
Tildearrow Furnace Version dev63
Tildearrow Furnace Version dev64
Tildearrow Furnace Version dev65
Tildearrow Furnace Version dev66
Tildearrow Furnace Version dev67
Tildearrow Furnace Version dev68
Tildearrow Furnace Version dev69
Tildearrow Furnace Version dev70
Tildearrow Furnace Version dev71
Tildearrow Furnace Version dev72
Tildearrow Furnace Version dev73
Tildearrow Furnace Version dev75
Tildearrow Furnace Version dev76
Tildearrow Furnace Version dev77
Tildearrow Furnace Version dev78
Tildearrow Furnace Version dev79
Tildearrow Furnace Version dev80
No warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.1% | 0.615

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:N/A:P
cna@vuldb.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce (Patch, Third Party Advisory)
https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655 (Third Party Advisory, Exploit, Issue Tracking)
https://vuldb.com/?id.196755 (Third Party Advisory)