CVE-2022-4969

MEDIUM

Pypi Rockhopper < 0.2.0 - Buffer Overflow

Title source: rule

Description

A vulnerability, which was classified as critical, has been found in bwoodsend rockhopper up to 0.1.2. Affected by this issue is the function count_rows of the file rockhopper/src/ragged_array.c of the component Binary Parser. The manipulation of the argument raw leads to buffer overflow. Local access is required to approach this attack. Upgrading to version 0.2.0 is able to address this issue. The name of the patch is 1a15fad5e06ae693eb9b8908363d2c8ef455104e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266312.

References (4)

Core 4

Core References

Release Notes patch

https://github.com/bwoodsend/rockhopper/releases/tag/v0.2.0

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.266312

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.266312

Patch patch

https://github.com/bwoodsend/rockhopper/commit/1a15fad5e06ae693eb9b8908363d2c8ef455104e

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 25.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (4)

bwoodsend/rockhopper 0.1.0

bwoodsend/rockhopper 0.1.1

bwoodsend/rockhopper 0.1.2

pypi/rockhopper 0 - 0.2.0PyPI

Published May 27, 2024

Tracked Since Feb 18, 2026