NULL Pointer Dereference in atom-shell

CVE-2022-1130

atom-shell
chromiumembeddedframework.runtime
electron
electron-nightly
electron-prebuilt
org.webjars.npm:electron
org.webjars.npm:electron-prebuilt

High

8.1/10

Summary

Insufficient validation of trust input in WebOTP in Google Chrome on Android versions prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory
Release Note
Issue

Advisory Timeline

Published Jul 23, 2022

NULL Pointer Dereference in atom-shell

CVE-2022-1130

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS