Buffer Overflow Vulnerability in bwoodsend Rockhopper Binary Parser
CVE-2022-4969
5.3 MEDIUM
What is CVE-2022-4969?
A critical vulnerability has been found in bwoodsend Rockhopper, in the function count_rows of ragged_array.c, part of the Binary Parser component. Improper handling of the argument 'raw' leads to a buffer overflow. Exploiting the flaw requires local access to the system. Users are strongly advised to upgrade to version 0.2.0, which includes the patch (commit ID: 1a15fad5e06ae693eb9b8908363d2c8ef455104e) that mitigates this issue.
Affected Version(s)
rockhopper 0.1.0
rockhopper 0.1.1
rockhopper 0.1.2
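
An added example, not code from Rockhopper or from this advisory: a bounds-checked row counter for a length-prefixed binary buffer, showing the two checks that keep such a parser from reading past the end of `raw`. The row layout and the name `count_rows_checked` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical, not Rockhopper's actual format): each row is
 * a 2-byte little-endian item count followed by that many items, each
 * `itemsize` bytes long. */

/* Count the rows in raw[0..raw_len). Returns -1 if the buffer ends inside a
 * length prefix or inside a row body, instead of reading past the end. */
long count_rows_checked(const uint8_t *raw, size_t raw_len, size_t itemsize)
{
    size_t pos = 0;
    long rows = 0;

    if (itemsize == 0)
        return -1;
    while (pos < raw_len) {
        /* Check 1: the length prefix must fit before it is read. */
        if (raw_len - pos < 2)
            return -1;
        size_t n = (size_t)raw[pos] | ((size_t)raw[pos + 1] << 8);
        pos += 2;
        /* Check 2: the row body must fit. Dividing the remaining space
         * avoids an overflowing n * itemsize in the comparison. */
        if (n > (raw_len - pos) / itemsize)
            return -1;
        pos += n * itemsize;
        rows++;
    }
    return rows;
}

int main(void)
{
    /* Constructed sample inputs, 1-byte items. */
    const uint8_t ok[] = {2, 0, 'a', 'b', 0, 0, 1, 0, 'c'};  /* 3 rows */
    const uint8_t cut_prefix[] = {1, 0, 'x', 5};              /* half a prefix */
    const uint8_t big_len[] = {0xff, 0xff, 1, 2};             /* claims 65535 items */

    printf("%ld %ld %ld\n",
           count_rows_checked(ok, sizeof ok, 1),
           count_rows_checked(cut_prefix, sizeof cut_prefix, 1),
           count_rows_checked(big_len, sizeof big_len, 1));
    return 0;
}
```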