CVE-2022-47925

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0004.json	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:csaf-validator-lib_project:csaf-validator-lib:*:*:*:*:*:*:*:*

History

07 Nov 2023, 10:15

Type	Values Removed	Values Added
Summary	The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a DoS of the process answering the current request while having no effect on other requests.	The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.

Information

Published : 2023-03-27 14:15

Updated : 2024-02-28 20:13

NVD link : CVE-2022-47925

Mitre link : CVE-2022-47925

CVE.ORG link : CVE-2022-47925

JSON object : View

Products Affected

csaf-validator-lib_project

csaf-validator-lib

CWE

CWE-20

Improper Input Validation

7.5 /10