Swhkd
CVE-2022-27819
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
AnalysisAI
SWHKD 1.1.5 allows unsafe parsing via the -c option. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device). Affected products include: Waycrate Swhkd.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set resource limits, implement rate limiting, validate input sizes.
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. Rated high severity (CVSS 7.8), this vulnerability is low attack
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. Rated high severity (CVSS 7.1), this vulnerability is low attack
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. Rated critical severity (CVSS 9.1), this vulnerability is remote
SWHKD 1.1.5 consumes the keyboard events of unintended users. Rated medium severity (CVSS 4.4), this vulnerability is lo
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. Rated low severity (CVSS 3.3), this vulnerability i
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today