CVE-2022-25852

Exploit

EPSS 0.43%
Veröffentlicht 17.06.2022 20:15:10
Zuletzt bearbeitet 21.11.2024 06:53:07
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libpq Project ≫ Libpq SwPlatformnode.js

Pg-native Project ≫ Pg-native SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://snyk.io/vuln/SNYK-JS-LIBPQ-2392366

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JS-PGNATIVE-2392365

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-25852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-25852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-25852

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-25852