A vulnerability was found in NVIDIA CUDA Toolkit SDK (unknown version). It has been rated as critical. Affected by this issue is an unknown code block of the component cuobjdump. The manipulation with an unknown input leads to a stack-based overflow vulnerability. Using CWE to declare the problem leads to CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Impacted is confidentiality, integrity, and availability. CVE summarizes:

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.

The weakness was shared 11/19/2022. The advisory is available at nvidia.custhelp.com. This vulnerability is handled as CVE-2022-34667 since 06/27/2022. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 11/19/2022).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• NVIDIA

Name

• CUDA Toolkit SDK

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion