CVE-2022-27819
MEDIUM5.3EPSS 0.23%Unsafe parsing in SWHKD
Published: 4/8/2022Modified: 11/8/2023
Description
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
Affected packages (1)
- crates.io/Simple-Wayland-HotKey-Daemonfrom 0, < 1.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-27819
- PATCHhttps://github.com/waycrate/swhkd
- WEBhttps://github.com/waycrate/swhkd/commit/b4e6dc76f4845ab03104187a42ac6d1bbc1e0021
- WEBhttps://github.com/waycrate/swhkd/releases
- WEBhttps://github.com/waycrate/swhkd/releases/tag/1.2.0
- WEBhttp://www.openwall.com/lists/oss-security/2022/04/14/1