CVE-2022-3815

A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip	Exploit Third Party Advisory
https://github.com/axiomatic-systems/Bento4/issues/792	Issue Tracking Third Party Advisory
https://vuldb.com/?id.212681	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*

History

02 Nov 2022, 18:55

Type	Values Removed	Values Added
CPE		cpe:2.3:a:axiosys:bento4:1.6.0-639:::::::*
References	~~(N/A) https://github.com/axiomatic-systems/Bento4/issues/792 -~~	(N/A) https://github.com/axiomatic-systems/Bento4/issues/792 - Issue Tracking, Third Party Advisory
References	~~(N/A) https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip -~~	(N/A) https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip - Exploit, Third Party Advisory
References	~~(N/A) https://vuldb.com/?id.212681 -~~	(N/A) https://vuldb.com/?id.212681 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

01 Nov 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-01 22:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-3815

Mitre link : CVE-2022-3815

CVE.ORG link : CVE-2022-3815

JSON object : View

Products Affected

axiosys

bento4

CWE

CWE-404

Improper Resource Shutdown or Release

{"id": "CVE-2022-3815", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-01T22:15:12.280", "references": [{"url": "https://github.com/axiomatic-systems/Bento4/files/9727048/POC_mp4decrypt_34393864.zip", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://github.com/axiomatic-systems/Bento4/issues/792", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.212681", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Axiomatic Bento4 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del componente mp4decrypt. La manipulaci\u00f3n conduce a una p\u00e9rdida de memoria. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-212681."}], "lastModified": "2023-11-07T03:51:50.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A003FBD1-339C-409D-A304-7FEE97E23250"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}