VDB-218452 · CVE-2022-4891 · ID 244

Sisimai till 4.25.14p11 lib/sisimai/string.rb to_plain förnekande av tjänsten

I Sisimai till 4.25.14p11 var en problematisksvag punkt finns. Som påverkar funktionen to_plain filen lib/sisimai/string.rb. Manipulering en okänd ingång leder till en sårbarhet klass förnekande av tjänsten svag punkt. Den rådgivande finns tillgänglig för nedladdning på github.com. Denna svaga punkt behandlas som CVE-2022-4891. Attacken kan äga rum i det lokala nätet. Det finns tekniska detaljer känd. Han deklarerade proof-of-concept. Den exploit kan laddas ner från gist.githubusercontent.com. En uppgradering till den version 4.25.14p12 att åtgärda problemet. Uppgraderingen som erbjuds för nedladding github.com. Plåstret kan laddas ner från github.com. Som bläst uppdatera till den senaste versionen åtgärder rekommenderas. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält	16/01/2023 19:49	09/02/2023 08:34	09/02/2023 08:36
name	Sisimai	Sisimai	Sisimai
version	<=4.25.14p11	<=4.25.14p11	<=4.25.14p11
file	lib/sisimai/string.rb	lib/sisimai/string.rb	lib/sisimai/string.rb
function	to_plain	to_plain	to_plain
cwe	1333 (förnekande av tjänsten)	1333 (förnekande av tjänsten)	1333 (förnekande av tjänsten)
risk	1	1	1
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	244	244	244
url	https://github.com/sisimai/rb-sisimai/pull/244	https://github.com/sisimai/rb-sisimai/pull/244	https://github.com/sisimai/rb-sisimai/pull/244
availability	1	1	1
publicity	1	1	1
url	https://gist.githubusercontent.com/gmcabrita/e5dc0332473fc2e3a7a407434c8d21c7/raw/00b12035e5e1b685469f143b94301a50306376ba/example.html	https://gist.githubusercontent.com/gmcabrita/e5dc0332473fc2e3a7a407434c8d21c7/raw/00b12035e5e1b685469f143b94301a50306376ba/example.html	https://gist.githubusercontent.com/gmcabrita/e5dc0332473fc2e3a7a407434c8d21c7/raw/00b12035e5e1b685469f143b94301a50306376ba/example.html
name	Upgrade	Upgrade	Upgrade
upgrade_version	4.25.14p12	4.25.14p12	4.25.14p12
upgrade_url	https://github.com/sisimai/rb-sisimai/releases/tag/v4.25.14p12	https://github.com/sisimai/rb-sisimai/releases/tag/v4.25.14p12	https://github.com/sisimai/rb-sisimai/releases/tag/v4.25.14p12
patch_name	51fe2e6521c9c02b421b383943dc9e4bbbe65d4e	51fe2e6521c9c02b421b383943dc9e4bbbe65d4e	51fe2e6521c9c02b421b383943dc9e4bbbe65d4e
patch_url	https://github.com/sisimai/rb-sisimai/commit/51fe2e6521c9c02b421b383943dc9e4bbbe65d4e	https://github.com/sisimai/rb-sisimai/commit/51fe2e6521c9c02b421b383943dc9e4bbbe65d4e	https://github.com/sisimai/rb-sisimai/commit/51fe2e6521c9c02b421b383943dc9e4bbbe65d4e
advisoryquote	Prevent Regex Denial of Service in Sisimai::String.to_plain	Prevent Regex Denial of Service in Sisimai::String.to_plain	Prevent Regex Denial of Service in Sisimai::String.to_plain
cve	CVE-2022-4891	CVE-2022-4891	CVE-2022-4891
responsible	VulDB	VulDB	VulDB
date	1673823600 (16/01/2023)	1673823600 (16/01/2023)	1673823600 (16/01/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss2_vuldb_basescore	2.7	2.7	2.7
cvss2_vuldb_tempscore	2.1	2.1	2.1
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.2	3.2	3.2
cvss3_meta_basescore	3.5	3.5	4.8
cvss3_meta_tempscore	3.2	3.2	4.7
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673823600 (16/01/2023)	1673823600 (16/01/2023)
cve_nvd_summary		A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.	A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			N
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			2.7
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			3.5

◂ Tidigare Översikt Nästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!