CVE-2022-3734

EPSS 0.15%
Published 28.10.2022 08:15:14
Last modified 21.11.2024 07:20:07
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redis ≫ Redis Version-

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://vuldb.com/?id.212416

Third Party Advisory

Permissions Required

https://www.cnblogs.com/J0o1ey/p/16829380.html

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-3734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3734

EUVD