tildearrow Furnace dev73 FUR to VGM Converter stack-based overflow

A vulnerability classified as critical has been found in tildearrow Furnace dev73. It affects an unknown part of the component FUR to VGM Converter. The manipulation leads to a stack-based buffer overflow, which CWE classifies as CWE-121. The weakness was disclosed on 04/03/2022 under the identifier 325. The advisory can be read at github.com. The vulnerability is uniquely identified as CVE-2022-1211. The attack can be initiated remotely. There are no technical details available.

An exploit is available. It has been disclosed to the public and may be used. It is declared as proof-of-concept and is shared for download at drive.google.com. The pricing for an exploit might be around USD $0-$5k at the moment. We expect the 0-day to have been worth approximately $0-$5k. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Field | 04/05/2022 18:31 | 04/05/2022 18:39 | 04/10/2022 17:09
vendor | tildearrow | tildearrow | tildearrow
name | Furnace | Furnace | Furnace
version | dev73 | dev73 | dev73
component | FUR to VGM Converter | FUR to VGM Converter | FUR to VGM Converter
cwe | 121 (stack-based overflow) | 121 (stack-based overflow) | 121 (stack-based overflow)
risk | 2 | 2 | 2
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | L | L | L
cvss3_vuldb_e | P | P | P
cvss3_vuldb_rc | C | C | C
url | https://github.com/tildearrow/furnace/issues/325 | https://github.com/tildearrow/furnace/issues/325 | https://github.com/tildearrow/furnace/issues/325
availability | 1 | 1 | 1
publicity | 1 | 1 | 1
url | https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing | https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing | https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing
cve | CVE-2022-1211 | CVE-2022-1211 | CVE-2022-1211
responsible | VulDB | VulDB | VulDB
date | 1648936800 (04/03/2022) | 1648936800 (04/03/2022) | 1648936800 (04/03/2022)
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | P | P | P
cvss2_vuldb_e | POC | POC | POC
cvss2_vuldb_rc | C | C | C
cvss2_vuldb_rl | ND | ND | OF
cvss3_vuldb_rl | X | X | O
cvss2_vuldb_basescore | 7.5 | 7.5 | 7.5
cvss2_vuldb_tempscore | 6.8 | 6.8 | 5.9
cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3
cvss3_vuldb_tempscore | 6.0 | 6.0 | 5.7
cvss3_meta_basescore | 6.3 | 6.3 | 6.3
cvss3_meta_tempscore | 6.0 | 6.1 | 6.0
price_0day | $0-$5k | $0-$5k | $0-$5k
identifier | 325 | 325 | 325
cve_assigned | 1648936800 (04/03/2022) | 1648936800 (04/03/2022) | 1648936800 (04/03/2022)
cve_nvd_summary | A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. | A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. | A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
cvss3_cna_av | | N | N
cvss3_cna_ac | | L | L
cvss3_cna_pr | | N | N
cvss3_cna_ui | | R | R
cvss3_cna_s | | U | U
cvss3_cna_c | | L | L
cvss3_cna_i | | L | L
cvss3_cna_a | | L | L
cve_cna | | VulDB | VulDB
cvss3_cna_basescore | | 6.3 | 6.3
name | | | Patch
patch_url | | | https://github.com/tildearrow/furnace/commit/3a7a132f0210c047de1825b33d68e3542145b0a1
