CVE-2022-34402

Published: Oct 10, 2022Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

Affected (1)

Products: Dell: Wyse Thinos

Dell

1 product

Wyse Thinos

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Dell Wyse Thinos	Before 9.3.2102

Running on/with	Platform Versions
Dell Latitude 3420	All versions
Dell Optiplex 3000 Thin Client	All versions
Dell Wyse 3040 Thin Client	All versions
Dell Wyse 5070 Thin Client	All versions
Dell Wyse 5470 All In One Thin Client	All versions
Dell Wyse 5470 Mobile Thin Client	All versions

Related CWEs

CWE-1333

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (2)

https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000203376/dsa-2022-247-dell-wyse-thinos-security-update-for-a-regular-expression-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.