CVE-2022-37398

EPSS 0.56%
Veröffentlicht 05.08.2022 17:15:08
Zuletzt bearbeitet 21.11.2024 07:14:55
Quelle security@asustor.com
CVE-Watchlists
Login
Unerledigt
Login

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asustor ≫ Adm Version >= 3.5.0 <= 3.5.9.rue3

Asustor ≫ Adm Version >= 4.0.0 <= 4.0.5.rvi1

Asustor ≫ Adm Version >= 4.1.0 <= 4.1.0.rjd1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.673

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@asustor.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.asustor.com/security/security_advisory_detail?id=12

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37398

EUVD