How severe is CVE-2022-35289?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-35289?

This is classified as CWE-680, which is a common weakness in software security.

CVE-2022-35289

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-680

View all →

Vulnerability Description

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

CVE-2018-8786

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably eve...

CWE-6802018

CVE-2018-8787

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a re...

CWE-6802018

CVE-2018-8794

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even ...

CWE-6802018

CVE-2018-8795

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably...

CWE-6802018

CVE-2020-13576

CRITICAL

CVSS:9.8(Critical)

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HT...

CWE-6802020