How severe is CVE-2022-4572?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2022-4572?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2022-4572 - HIGH Severity | CVSS 7.1

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2016-10330

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-6896

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read ...

CWE-222016

CVE-2017-15309

HIGH

CVSS:7.1(High)

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious fi...

CWE-222017

CVE-2017-2706

HIGH

CVSS:7.1(High)

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are t...

CWE-222017

CVE-2017-5228

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build o...

CWE-222017

CVE-2017-5229

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted...

CWE-222017