tildearrow Furnace dev73 FUR to VGM Converter 内存损坏

条目历史差异jsonxmlCTI

在tildearrow Furnace dev73中已发现了分类为致命的漏洞。此漏洞会影响未知部件的组件FUR to VGM Converter。手动调试的不合法输入可导致内存损坏。漏洞的CWE定义是 CWE-121。此漏洞的脆弱性 2022-04-03公示人身份325、所发布。阅读公告的网址是github.com。该漏洞唯一标识为CVE-2022-1211，攻击可以远程发起，无技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。当前漏洞利用的价值为美元大约是$0-$5k 。它被宣布为proof-of-concept。该漏洞利用的共享下载地址为：drive.google.com。我们估计的零日攻击价值约为$0-$5k。错误修复程序下载地址为github.com，建议采用一个补丁来修正此问题。该漏洞被披露后，此前未曾发表过可能的缓解措施。

字段	2022-04-05 18時31分	2022-04-05 18時39分	2022-04-10 17時09分
vendor	tildearrow	tildearrow	tildearrow
name	Furnace	Furnace	Furnace
version	dev73	dev73	dev73
component	FUR to VGM Converter	FUR to VGM Converter	FUR to VGM Converter
cwe	121 (内存损坏)	121 (内存损坏)	121 (内存损坏)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	C	C	C
url	https://github.com/tildearrow/furnace/issues/325	https://github.com/tildearrow/furnace/issues/325	https://github.com/tildearrow/furnace/issues/325
availability	1	1	1
publicity	1	1	1
url	https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing	https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing	https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing
cve	CVE-2022-1211	CVE-2022-1211	CVE-2022-1211
responsible	VulDB	VulDB	VulDB
date	1648936800 (2022-04-03)	1648936800 (2022-04-03)	1648936800 (2022-04-03)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	ND	ND	OF
cvss3_vuldb_rl	X	X	O
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.8	6.8	5.9
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	5.7
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	6.0	6.1	6.0
price_0day	$0-$5k	$0-$5k	$0-$5k
identifier	325	325	325
cve_assigned	1648936800 (2022-04-03)	1648936800 (2022-04-03)	1648936800 (2022-04-03)
cve_nvd_summary	A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cve_cna		VulDB	VulDB
cvss3_cna_basescore		6.3	6.3
name			补丁
patch_url			https://github.com/tildearrow/furnace/commit/3a7a132f0210c047de1825b33d68e3542145b0a1

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!