Vulnerability Description
jhead 3.06 (Matthias-Wandel/jhead) is vulnerable to a buffer overflow via shellescape() in jhead.c. When jhead detects a `&i` or `&o`, it copies strings into a stack buffer without checking the buffer's boundary. As a result, a stack buffer overflow occurs when multiple `&i` or `&o` are given.
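The missing boundary check, shown on a simplified model of placeholder expansion. This is an added example, not jhead's source or its patch: `expand_command`, `put` and `put_escaped` are hypothetical names, the single-quote escaping scheme is an assumption, and only `&i` is handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append one byte, refusing to write past cap-1 (room is kept for the NUL). */
static int put(char *out, size_t cap, size_t *pos, char c)
{
    if (*pos + 1 >= cap) return -1;
    out[(*pos)++] = c;
    return 0;
}

/* Append name wrapped in single quotes; an embedded quote becomes '\'' */
static int put_escaped(char *out, size_t cap, size_t *pos, const char *name)
{
    if (put(out, cap, pos, '\'')) return -1;
    for (; *name; name++) {
        if (*name == '\'') {
            if (put(out, cap, pos, '\'') || put(out, cap, pos, '\\') ||
                put(out, cap, pos, '\'') || put(out, cap, pos, '\'')) return -1;
        } else if (put(out, cap, pos, *name)) return -1;
    }
    return put(out, cap, pos, '\'');
}

/* Expand every "&i" in tmpl to the escaped file name (hypothetical model).
 * Returns the expanded length, or -1 when the result does not fit in out. */
int expand_command(char *out, size_t cap, const char *tmpl, const char *file)
{
    size_t pos = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; tmpl[i]; i++) {
        if (tmpl[i] == '&' && tmpl[i + 1] == 'i') {
            if (put_escaped(out, cap, &pos, file)) return -1;
            i++;                        /* skip the 'i' of the placeholder */
        } else if (put(out, cap, &pos, tmpl[i])) return -1;
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    char buf[32];                       /* constructed sample inputs below */
    printf("%d\n", expand_command(buf, sizeof buf, "cp &i &i", "a.jpg"));
    printf("%d\n", expand_command(buf, sizeof buf, "&i &i &i &i", "aaaaaaaa"));
    return 0;
}
```

Because the bound is enforced per byte rather than per placeholder, repeating `&i` any number of times makes the call fail cleanly instead of writing past the buffer.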
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jhead Project | Jhead | 3.06 |
Related Weaknesses (CWE)
References
- https://github.com/Matthias-Wandel/jhead/commit/64894dbc7d8e1e232e85f1cab25c6429 (Patch)
- https://github.com/Matthias-Wandel/jhead/issues/51 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2022-28550?
CVE-2022-28550 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check th...
How severe is CVE-2022-28550?
CVE-2022-28550 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28550?
Check the references section above for vendor advisories and patch information. Affected products include: Jhead Project Jhead.