Insufficient Control Flow Management

CVE-2022-41646

Medium

4.7/10

Summary

Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-691 - Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

References

Advisory Timeline

Published May 10, 2023

Insufficient Control Flow Management

CVE-2022-41646

Summary

CWE-691 - Insufficient Control Flow Management

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS