CVE-2022-27819

Published: Apr 7, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H

Exploitability: 1.0 / Impact: 4.2

Source: NVD

Description

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

Affected (1)

Products: Waycrate: Swhkd

Waycrate

1 product

Swhkd

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Waycrate Swhkd	Version 1.1.5

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (6)

http://www.openwall.com/lists/oss-security/2022/04/14/1

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/waycrate/swhkd/commit/b4e6dc76f4845ab03104187a42ac6d1bbc1e0021

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/waycrate/swhkd/releases

Source: cve@mitre.org

Release Notes

http://www.openwall.com/lists/oss-security/2022/04/14/1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/waycrate/swhkd/commit/b4e6dc76f4845ab03104187a42ac6d1bbc1e0021

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/waycrate/swhkd/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.