Mozilla convict up to 6.2.2 startsWith denial of service

Summaryinfo

A vulnerability marked as problematic has been reported in Mozilla convict up to 6.2.2. Affected by this vulnerability is the function startsWith. This manipulation causes denial of service. This vulnerability appears as CVE-2022-21190. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability has been found in Mozilla convict up to 6.2.2 (Web Browser) and classified as problematic. Affected by this vulnerability is the function startsWith. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was presented 05/14/2022. It is possible to read the advisory at snyk.io. This vulnerability is known as CVE-2022-21190 since 02/24/2022. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

Upgrading to version 6.2.3 eliminates this vulnerability. Applying the patch 1ea0ab19c5208f66509e1c43b0d0f21c1fd29b75 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Web Browser

Vendor

• Mozilla

Name

• convict

Version

• 6.2.0
• 6.2.1
• 6.2.2

License

• open-source

Website

• Vendor: https://www.mozilla.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion