DYLIB Injection Vulnerability in Cryptomator Software by Cryptomator
CVE-2022-25366

7.8HIGH

Key Information:

Vendor: Cryptomator
Status: Cryptomator
Vendor: CVE Published:; 19 February 2022

🔔 Create Cryptomator Vulnerability Alert

What is CVE-2022-25366?

A vulnerability in Cryptomator software allows for DYLIB injection due to the presence of specific entitlements, enabling attackers to execute malicious dynamic libraries by leveraging the DYLD_INSERT_LIBRARIES environment variable. This vulnerability exposes applications to potential unauthorized code execution, making it essential for users to address this flaw and update to secure versions.

References

https://cryptomator.org/

x_refsource_MISC

https://medium.com/%40tehwinsam/cryptomator-1-6-5-dylib-i...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2022
Vulnerability Reserved
Feb 19, 2022

CVE-2022-25366 Data

JSON