Out-of-bounds Read

CVE-2022-44940

High

8.8/10

Summary

Patchelf was discovered to contain an out-of-bounds read via the function "modifyRPath" at "src/patchelf.cc". This issue affects the package patchelf (Python) versions through 0.15.0.0, pypatchelf (Python) versions through 0.9, and patchelf (Cpp) versions through 0.15.0.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Dec 19, 2022

Out-of-bounds Read

CVE-2022-44940

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS