Skip to main content

Swhkd CVE-2022-27819

MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2022-04-07 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 07, 2022 - 02:15 nvd
MEDIUM 5.3

DescriptionNVD

SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).

AnalysisAI

SWHKD 1.1.5 allows unsafe parsing via the -c option. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). Affected products include: Waycrate Swhkd.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.

Share

CVE-2022-27819 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy