CVE-2022-30763

Published: May 16, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Janet before 1.22.0 mishandles arrays.

Affected (1)

Products: Janet Lang: Janet

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Janet Lang Janet	Before 1.22.0

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

https://blog.convisoappsec.com/en/bug-hunting-in-the-janet-language-interpreter/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://github.com/janet-lang/janet/compare/v1.21.1...v1.22.0

Source: cve@mitre.org

Third Party Advisory

https://github.com/janet-lang/janet/releases/tag/v1.22.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://blog.convisoappsec.com/en/bug-hunting-in-the-janet-language-interpreter/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://github.com/janet-lang/janet/compare/v1.21.1...v1.22.0

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/janet-lang/janet/releases/tag/v1.22.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.