Array Handling Vulnerability in Janet Language Interpreter by Janet
CVE-2022-30763

7.5HIGH

Key Information:

Vendor

Janet-lang

Status
Janet
Vendor
CVE Published:
16 May 2022

What is CVE-2022-30763?

The Janet Language Interpreter prior to version 1.22.0 contains an issue related to improper handling of arrays. This vulnerability could potentially allow attackers to exploit software that utilizes the Janet language in ways that compromise the integrity of data and even the system itself. It’s crucial for users of Janet to upgrade to version 1.22.0 or later to mitigate risks associated with this flaw.

References

https://github.com/janet-lang/janet/compare/v1.21.1...v1....
x_refsource_MISC
https://github.com/janet-lang/janet/releases/tag/v1.22.0
x_refsource_MISC
https://blog.convisoappsec.com/en/bug-hunting-in-the-jane...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.