CVE-2022-31026

{"id": "CVE-2022-31026", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-09T13:15:08.457", "references": [{"url": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers."}, {"lang": "es", "value": "Trilogy es una biblioteca cliente para MySQL. Cuando es autenticado, un servidor malicioso podr\u00eda devolver un paquete de autenticaci\u00f3n especialmente dise\u00f1ado, causando que el cliente lea y devuelva hasta 12 bytes de datos de una variable no inicializada en la memoria de la pila. Los usuarios de la gema trilog\u00eda deber\u00edan actualizar a versi\u00f3n 2.1.1. Este problema puede evitarse conect\u00e1ndose \u00fanicamente a servidores confiables"}], "lastModified": "2024-11-21T07:03:44.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trilogy_project:trilogy:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "9DBD25C5-280A-4303-8AEA-1389C45EB652", "versionEndExcluding": "2.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}