CVE-2022-42905

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-125
View all →

Vulnerability Description

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)

Related Vulnerabilities

CVE-2014-1508

CRITICAL
CVSS:9.1(Critical)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive ...

CWE-1252014

CVE-2014-3180

CRITICAL
CVSS:9.1(Critical)

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting comp...

CWE-1252014

CVE-2016-6520

CRITICAL
CVSS:9.1(Critical)

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

CWE-1252016

CVE-2017-0854

CRITICAL
CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.

CWE-1252017

CVE-2017-11147

CRITICAL
CVSS:9.1(Critical)

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t...

CWE-1252017

CVE-2017-14122

CRITICAL
CVSS:9.1(Critical)

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

CWE-1252017