How severe is CVE-2022-4741?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-4741?

This is classified as CWE-789, which is a common weakness in software security.

CVE-2022-4741 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.

Related Vulnerabilities

CVE-2018-12541

MEDIUM

CVSS:6.5(Medium)

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There s...

CWE-7892018

CVE-2020-8551

MEDIUM

CVSS:6.5(Medium)

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP ...

CWE-7892020

CVE-2022-22226

MEDIUM

CVSS:6.5(Medium)

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthentic...

CWE-7892022

CVE-2023-20089

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacen...

CWE-7892023

CVE-2023-20202

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)...

CWE-7892023

CVE-2023-5371

MEDIUM

CVSS:6.5(Medium)

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

CWE-7892023