CVE-2022-26437

EPSS 1.45%
Published 01.08.2022 14:15:09
Last modified 21.11.2024 06:53:56
Source security@mediatek.com
Teams watchlist Login
Open Login

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mediatek ≫ Nbiot Sdk Version2.8.1

Mediatek ≫ Mt2621 Version-
Mediatek ≫ Mt2625 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.45%	0.799

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://corp.mediatek.com/product-security-bulletin/August-2022

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26437

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26437

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26437

EUVD