CVE-2022-23850

{"id": "CVE-2022-23850", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-01-23T07:15:10.117", "references": [{"url": "https://cwe.mitre.org/data/definitions/121.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/kevinboone/epub2txt2/issues/17", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cwe.mitre.org/data/definitions/121.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/kevinboone/epub2txt2/issues/17", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document."}, {"lang": "es", "value": "La funci\u00f3n xhtml_translate_entity en el archivo xhtml.c en epub2txt (tambi\u00e9n se conoce como epub2txt2) versiones hasta 2.02, permite un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria por medio de un documento EPUB dise\u00f1ado"}], "lastModified": "2024-11-21T06:49:21.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:epub2txt_project:epub2txt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37C4AE16-20BB-43BB-8253-6764D4264660", "versionEndIncluding": "2.02"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}