How severe is CVE-2022-28733?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-28733?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2022-28733

HIGH Year: 2022

CVSS v3 Score

8.1

High

Weakness Type

CWE-191

View all →

Vulnerability Description

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

CVE-2018-16601

HIGH

CVSS:8.1(High)

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header t...

CWE-1912018

CVE-2021-21811

HIGH

CVSS:8.1(High)

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can ...

CWE-1912021