HIGH🇬🇧 English

CVE-2022-2809

CVSS 8.2v3.1pub. 2022-10-27upd. 2024-11-21

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • Openbmc Project Openbmc

    APP
    Openbmc-Project
    2.10.0 – 2.13.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2021-39296CRITICAL10.0ten sam produkt

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the ...

CVE-2021-39295HIGH7.5ten sam produkt

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipm...

CVE-2022-35729HIGH7.5ten sam produkt

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenti...

CVE-2022-3409HIGH8.2ten sam produkt

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was id...

CVE-2020-14156HIGH8.8ten sam produkt

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pa...

CVE-2022-2809 — HIGH 8.2 | CVEbaza.pl