CVE-2022-2652

HIGH Year: 2022
CVSS v3 Score
7.3
High
Weakness Type
CWE-134
View all →

Vulnerability Description

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).

Related Vulnerabilities

CVE-2018-12590

HIGH
CVSS:7.2(High)

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privileg...

CWE-1342018

CVE-2023-35086

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function...

CWE-1342023

CVE-2023-39238

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with...

CWE-1342023

CVE-2023-39239

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote...

CWE-1342023

CVE-2023-39240

HIGH
CVSS:7.2(High)

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi mo...

CWE-1342023

CVE-2023-45583

HIGH
CVSS:7.2(High)

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM version...

CWE-1342023