CVE-2022-4639 — MEDIUM (5.6)

Vulnerability Description

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Sslh Project	Sslh	2.0

Related Weaknesses (CWE)

CWE-134 CWE-119

References

https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6PatchThird Party Advisory
https://github.com/yrutschle/sslh/pull/353PatchThird Party Advisory
https://vuldb.com/?id.216497Third Party Advisory
https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6PatchThird Party Advisory
https://github.com/yrutschle/sslh/pull/353PatchThird Party Advisory
https://vuldb.com/?id.216497Third Party Advisory

FAQ

What is CVE-2022-4639?

CVE-2022-4639 is a vulnerability with a CVSS score of 5.6 (MEDIUM). A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the ...

How severe is CVE-2022-4639?

CVE-2022-4639 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-4639?

Check the references section above for vendor advisories and patch information. Affected products include: Sslh Project Sslh.