Improper Validation of Specified Quantity in Input
CVE-2022-46143
Summary
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- HIGH
- LOW
- NONE
CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
References
Advisory Timeline
- Published