CVE-2022-27819
MEDIUM5.3EPSS 0.23%Unsafe parsing in SWHKD
發布日:2022/4/8修改日:2023/11/8
描述
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
受影響套件(1)
- crates.io/Simple-Wayland-HotKey-Daemonfrom 0, < 1.2.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-27819
- PATCHhttps://github.com/waycrate/swhkd
- WEBhttps://github.com/waycrate/swhkd/commit/b4e6dc76f4845ab03104187a42ac6d1bbc1e0021
- WEBhttps://github.com/waycrate/swhkd/releases
- WEBhttps://github.com/waycrate/swhkd/releases/tag/1.2.0
- WEBhttp://www.openwall.com/lists/oss-security/2022/04/14/1