CVE-2022-41716

MEDIUM Year: 2022
CVSS v3 Score
6.3
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

Related Vulnerabilities

CVE-2016-3563

MEDIUM
CVSS:6.3(Medium)

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors re...

NVD-CWE-Other2016

CVE-2017-10153

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1 ...

NVD-CWE-Other2017

CVE-2017-10163

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 1...

NVD-CWE-Other2017

CVE-2017-10385

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerabi...

NVD-CWE-Other2017

CVE-2017-10393

MEDIUM
CVSS:6.3(Medium)

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerabi...

NVD-CWE-Other2017

CVE-2017-18711

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 be...

NVD-CWE-Other2017