CVE-2022-21742

EPSS 0.11%
Veröffentlicht 20.06.2022 06:15:08
Zuletzt bearbeitet 21.11.2024 06:45:21
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Realtek ≫ Rtl8156 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8156 Version-

Realtek ≫ Rtl8156b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8156b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8156b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8156b Version-

Realtek ≫ Rtl8153 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8153 Version-

Realtek ≫ Rtl8153b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8153b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8153b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8153b Version-

Realtek ≫ Rtl8154 Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154 Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154 Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8154 Version-

Realtek ≫ Rtl8154b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8154b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8154b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8154b Version-

Realtek ≫ Rtl8152b Firmware Version >= 7.42 <= 7.53

Realtek ≫ Rtl8152b Version-

Realtek ≫ Rtl8152b Firmware Version >= 8.49 <= 8.60

Realtek ≫ Rtl8152b Version-

Realtek ≫ Rtl8152b Firmware Version >= 10.28 < 10.50

Realtek ≫ Rtl8152b Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:N/A:P
twcert@cert.org.tw	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-21742

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21742

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21742

EUVD