Search criteria
10 vulnerabilities found for Furnace by tildearrow
CVE-2026-24800 (GCVE-0-2026-24800)
Vulnerability from nvd – Published: 2026-01-27 08:33 – Updated: 2026-01-27 17:02
VLAI?
Title
A heap-based buffer over-read or buffer overflow in tildearrow/furnace
Summary
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | furnace |
Affected:
0 , < 0.6.8.3
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T17:02:10.616812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T17:02:21.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/tildearrow/furnace",
"defaultStatus": "unaffected",
"modules": [
"extern/zlib"
],
"product": "furnace",
"programFiles": [
"inflate.c"
],
"vendor": "tildearrow",
"versions": [
{
"lessThan": "0.6.8.3",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003einflate.C\u003c/tt\u003e.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T08:33:16.882Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/tildearrow/furnace/pull/2471"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A heap-based buffer over-read or buffer overflow in tildearrow/furnace",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2026-24800",
"datePublished": "2026-01-27T08:33:16.882Z",
"dateReserved": "2026-01-27T08:18:43.268Z",
"dateUpdated": "2026-01-27T17:02:21.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1289 (GCVE-0-2022-1289)
Vulnerability from nvd – Published: 2022-04-10 15:15 – Updated: 2025-04-15 14:41
VLAI?
Title
tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service
Summary
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | Furnace |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.196755"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:59.249714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:41:32.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Furnace",
"vendor": "tildearrow",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-10T15:15:15.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.196755"
}
],
"title": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-1289",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Furnace",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "tildearrow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"name": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"name": "https://vuldb.com/?id.196755",
"refsource": "MISC",
"url": "https://vuldb.com/?id.196755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-1289",
"datePublished": "2022-04-10T15:15:15.000Z",
"dateReserved": "2022-04-10T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:41:32.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1211 (GCVE-0-2022-1211)
Vulnerability from nvd – Published: 2022-04-03 12:10 – Updated: 2025-04-15 14:42
VLAI?
Title
tildearrow Furnace FUR to VGM Converter stack-based overflow
Summary
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | Furnace |
Affected:
dev73
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.196371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:02.991823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:42:19.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Furnace",
"vendor": "tildearrow",
"versions": [
{
"status": "affected",
"version": "dev73"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T12:10:11.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.196371"
}
],
"title": "tildearrow Furnace FUR to VGM Converter stack-based overflow",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-1211",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "tildearrow Furnace FUR to VGM Converter stack-based overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Furnace",
"version": {
"version_data": [
{
"version_value": "dev73"
}
]
}
}
]
},
"vendor_name": "tildearrow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tildearrow/furnace/issues/325",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"name": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"name": "https://vuldb.com/?id.196371",
"refsource": "MISC",
"url": "https://vuldb.com/?id.196371"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-1211",
"datePublished": "2022-04-03T12:10:11.000Z",
"dateReserved": "2022-04-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:42:19.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-24800 (GCVE-0-2026-24800)
Vulnerability from cvelistv5 – Published: 2026-01-27 08:33 – Updated: 2026-01-27 17:02
VLAI?
Title
A heap-based buffer over-read or buffer overflow in tildearrow/furnace
Summary
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
Severity ?
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | furnace |
Affected:
0 , < 0.6.8.3
(git)
|
Credits
TITAN Team (titancaproject@gmail.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T17:02:10.616812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T17:02:21.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/tildearrow/furnace",
"defaultStatus": "unaffected",
"modules": [
"extern/zlib"
],
"product": "furnace",
"programFiles": [
"inflate.c"
],
"vendor": "tildearrow",
"versions": [
{
"lessThan": "0.6.8.3",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003einflate.C\u003c/tt\u003e.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T08:33:16.882Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/tildearrow/furnace/pull/2471"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A heap-based buffer over-read or buffer overflow in tildearrow/furnace",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2026-24800",
"datePublished": "2026-01-27T08:33:16.882Z",
"dateReserved": "2026-01-27T08:18:43.268Z",
"dateUpdated": "2026-01-27T17:02:21.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1289 (GCVE-0-2022-1289)
Vulnerability from cvelistv5 – Published: 2022-04-10 15:15 – Updated: 2025-04-15 14:41
VLAI?
Title
tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service
Summary
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
Severity ?
4.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | Furnace |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.196755"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:59.249714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:41:32.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Furnace",
"vendor": "tildearrow",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-10T15:15:15.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.196755"
}
],
"title": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-1289",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Furnace",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "tildearrow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"name": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"name": "https://vuldb.com/?id.196755",
"refsource": "MISC",
"url": "https://vuldb.com/?id.196755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-1289",
"datePublished": "2022-04-10T15:15:15.000Z",
"dateReserved": "2022-04-10T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:41:32.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1211 (GCVE-0-2022-1211)
Vulnerability from cvelistv5 – Published: 2022-04-03 12:10 – Updated: 2025-04-15 14:42
VLAI?
Title
tildearrow Furnace FUR to VGM Converter stack-based overflow
Summary
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tildearrow | Furnace |
Affected:
dev73
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.196371"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1211",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:02.991823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:42:19.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Furnace",
"vendor": "tildearrow",
"versions": [
{
"status": "affected",
"version": "dev73"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-03T12:10:11.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.196371"
}
],
"title": "tildearrow Furnace FUR to VGM Converter stack-based overflow",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-1211",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "tildearrow Furnace FUR to VGM Converter stack-based overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Furnace",
"version": {
"version_data": [
{
"version_value": "dev73"
}
]
}
}
]
},
"vendor_name": "tildearrow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tildearrow/furnace/issues/325",
"refsource": "MISC",
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"name": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"name": "https://vuldb.com/?id.196371",
"refsource": "MISC",
"url": "https://vuldb.com/?id.196371"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-1211",
"datePublished": "2022-04-03T12:10:11.000Z",
"dateReserved": "2022-04-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:42:19.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202204-0586
Vulnerability from variot - Updated: 2023-12-18 13:32A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. tildearrow of furnace Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0586",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.3"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.5"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.3"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.2"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.2"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.1"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.2.1"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": null
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.5"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.5.2"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.6"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.5.3"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.2.2"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.4"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.5.4"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.5.1"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.4.7"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "0.3.1"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "0.5.7"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev8"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev79"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev63"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev70"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev65"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev7"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev75"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev5"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev67"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev69"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "0.5.6"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "0.5.5"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev66"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev68"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev71"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev9"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev72"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev10"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev64"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "0.5.8"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev77"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev6"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev76"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev80"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev73"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "0.6"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev78"
},
{
"model": "furnace",
"scope": "eq",
"trust": 1.0,
"vendor": "tildearrow",
"version": "dev62"
},
{
"model": "furnace",
"scope": null,
"trust": 0.8,
"vendor": "tildearrow",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.5:real:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.6:pre0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.7:pre4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:0.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev65:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev67:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev68:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev69:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev76:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev78:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev79:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1289"
}
]
},
"cve": "CVE-2022-1289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1289",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1289",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-1289",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2022-1289",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2733",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. tildearrow of furnace Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "VULMON",
"id": "CVE-2022-1289"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1289",
"trust": 3.3
},
{
"db": "VULDB",
"id": "196755",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-1289",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"id": "VAR-202204-0586",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2023-12-18T13:32:14.554000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "tildearrow Furnace Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189054"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1289 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"trust": 2.5,
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"trust": 2.5,
"url": "https://vuldb.com/?id.196755"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1289"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1289/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1289"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"date": "2022-04-10T16:15:07.847000",
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"date": "2022-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1289"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008157"
},
{
"date": "2023-03-07T22:38:43.943000",
"db": "NVD",
"id": "CVE-2022-1289"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tildearrow\u00a0 of \u00a0furnace\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008157"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2733"
}
],
"trust": 0.6
}
}
VAR-202204-0791
Vulnerability from variot - Updated: 2023-12-18 12:26A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. tildearrow of furnace Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. The tildearrow Furnace is a multi-SoC tuning tracker compatible with the DefleMask module. The vulnerability stems from the incorrect processing of input error messages. Remote attackers can exploit this vulnerability to cause stack-based overflow and crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0791",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "furnace",
"scope": "eq",
"trust": 1.8,
"vendor": "tildearrow",
"version": "dev73"
},
{
"model": "furnace",
"scope": null,
"trust": 0.8,
"vendor": "tildearrow",
"version": null
},
{
"model": "furnace",
"scope": "eq",
"trust": 0.8,
"vendor": "tildearrow",
"version": null
},
{
"model": "furnace tildearrow furnace dev73",
"scope": null,
"trust": 0.6,
"vendor": "tildearrow",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tildearrow:furnace:dev73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1211"
}
]
},
"cve": "CVE-2022-1211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1211",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-81365",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1211",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-1211",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2022-1211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2022-81365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-1861",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1211",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. tildearrow of furnace Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. The tildearrow Furnace is a multi-SoC tuning tracker compatible with the DefleMask module. The vulnerability stems from the incorrect processing of input error messages. Remote attackers can exploit this vulnerability to cause stack-based overflow and crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "VULMON",
"id": "CVE-2022-1211"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1211",
"trust": 3.9
},
{
"db": "VULDB",
"id": "196371",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-81365",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1861",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-1211",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"id": "VAR-202204-0791",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
}
]
},
"last_update_date": "2023-12-18T12:26:16.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1289 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1211"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://drive.google.com/file/d/1h111bevcwg8f99jrffo7_hkyehm7qgvb/view?usp=sharing"
},
{
"trust": 2.5,
"url": "https://vuldb.com/?id.196371"
},
{
"trust": 2.5,
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1211"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1211/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1289"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"date": "2022-04-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"date": "2023-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"date": "2022-04-03T12:15:09.133000",
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"date": "2022-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-81365"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1211"
},
{
"date": "2023-07-20T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-007814"
},
{
"date": "2022-04-12T17:39:52.347000",
"db": "NVD",
"id": "CVE-2022-1211"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tildearrow\u00a0 of \u00a0furnace\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-1861"
}
],
"trust": 0.6
}
}
FKIE_CVE-2022-1289
Vulnerability from fkie_nvd - Published: 2022-04-10 16:15 - Updated: 2024-11-21 06:40
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce | Patch, Third Party Advisory | |
| cna@vuldb.com | https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.196755 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.196755 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tildearrow:furnace:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFFA314-6943-4498-B845-E1A1ABCE4E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E015EA7E-4720-4757-96E9-5260CFBC1043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E776BB42-A08E-4F3C-947D-332DCB2CBF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "051B2A23-EDCF-4539-9CA8-E5714F6F6DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE66467-B30B-4B77-BB41-6A4C647E457B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D42E6328-AF1D-45D9-9DBB-382E8EDE3E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E76E15CA-9D90-4B4C-B987-E8608AA60236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F20B01FD-07A2-4D09-AAE5-11E464D4454B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50763220-BBF6-4CB5-8E05-150B53714F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AAB16783-A272-4E66-AF78-17B024DCEA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6689F024-5C0F-42DC-B048-20268EBE49AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC4CEB4-803F-4D09-905C-270617E56336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.5:real:*:*:*:*:*:*",
"matchCriteriaId": "7ADEB444-C64D-48EF-8F4E-BA88BD8509B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A54674-881E-4448-83A8-9FF06E58ECCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8660DE-0B05-48C0-80D5-970EFA31E9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDBEA41-070A-43B9-A2C6-C168D3C70AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76BA3B0D-EDC6-4B79-8DDC-09360E93F6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B25DEC4B-7531-40D8-B476-7C9FE8762515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA49882-11C5-4F54-AEEE-415F3DC68406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "198DFD86-6858-41F0-8AA5-CC85F1A27E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "767CA8B0-9454-4F06-A12E-D7C4555E8BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E33824AB-E32F-4F82-9E51-138B3183DA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.7:-:*:*:*:*:*:*",
"matchCriteriaId": "541CF21B-7719-42CB-97F1-CB7AF2F77FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.7:pre4:*:*:*:*:*:*",
"matchCriteriaId": "CD522023-C8DF-4BEA-911F-DE65428FCF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B8952D4C-334E-43D6-B6B8-0E9EC7F2253B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:0.6:pre0:*:*:*:*:*:*",
"matchCriteriaId": "3F99C267-EA7C-4ADA-8BE9-7E51D143B5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev5:*:*:*:*:*:*:*",
"matchCriteriaId": "73F24C96-A83E-4F53-B852-9262C7CFC387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5A5017-B4F4-480E-9CED-ADF09100A4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev7:*:*:*:*:*:*:*",
"matchCriteriaId": "A726A198-CBBD-4FAE-B3D7-C51F0F3D10B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev8:*:*:*:*:*:*:*",
"matchCriteriaId": "05E6200E-5061-4F71-9FD8-E19F9F6D2557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev9:*:*:*:*:*:*:*",
"matchCriteriaId": "9934631B-564C-4823-B509-75DA02940CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev10:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEAE377-ED50-4A3B-971A-BDB1780EE242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev62:*:*:*:*:*:*:*",
"matchCriteriaId": "065CEC21-3C18-476F-B714-E2F20233F296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev63:*:*:*:*:*:*:*",
"matchCriteriaId": "9D67EC62-0FFD-4951-BA17-633DCD5C65C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev64:*:*:*:*:*:*:*",
"matchCriteriaId": "87E9A121-6A91-4636-8453-3CFC6FA24B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev65:*:*:*:*:*:*:*",
"matchCriteriaId": "67EFBF91-2CF9-4095-B8DF-425AE1917A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev66:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D41EEE-621B-4366-9097-27EF1472B38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev67:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAF3983-5034-4095-9221-C464EBE6A0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev68:*:*:*:*:*:*:*",
"matchCriteriaId": "A145138D-19AB-4290-B145-DBB9DFB025D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev69:*:*:*:*:*:*:*",
"matchCriteriaId": "3F812509-1F77-4024-85EB-CDD325BFCE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev70:*:*:*:*:*:*:*",
"matchCriteriaId": "F60A5D1D-4B4C-4B67-B541-A5F14ACB820A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev71:*:*:*:*:*:*:*",
"matchCriteriaId": "45C270A3-E380-4022-861D-6697DB73D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev72:*:*:*:*:*:*:*",
"matchCriteriaId": "7A015763-407E-4283-9A39-4CFB9D699110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev73:*:*:*:*:*:*:*",
"matchCriteriaId": "48D91A45-1102-4081-BBEC-ED6CD9DF6689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev75:*:*:*:*:*:*:*",
"matchCriteriaId": "7F9BFF65-6CB4-4466-B8C1-3584FEBCB626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev76:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB48FE2-3476-4180-8754-724A153DF5C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev77:*:*:*:*:*:*:*",
"matchCriteriaId": "0B8C8373-5E16-493C-B736-26C2676782D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev78:*:*:*:*:*:*:*",
"matchCriteriaId": "37EF1C85-71ED-4592-AF40-88CA608761F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev79:*:*:*:*:*:*:*",
"matchCriteriaId": "73FED9B5-3C85-4C59-B2F7-AC96439A52D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev80:*:*:*:*:*:*:*",
"matchCriteriaId": "E53F9DDD-249D-4BD1-8AC9-D361508E8487",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad de denegaci\u00f3n de servicio en tildearrow Furnace. Ha sido clasificada como problem\u00e1tica. Esto es debido a una correcci\u00f3n incompleta de CVE-2022-1211. Es posible iniciar el ataque de forma remota, pero requiere una interacci\u00f3n del usuario. El problema ha sido corregido con el parche 0eb02422d5161767e9983bdaa5c429762d3477ce"
}
],
"id": "CVE-2022-1289",
"lastModified": "2024-11-21T06:40:25.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-10T16:15:07.847",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.196755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.196755"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1211
Vulnerability from fkie_nvd - Published: 2022-04-03 12:15 - Updated: 2024-11-21 06:40
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing | Third Party Advisory | |
| cna@vuldb.com | https://github.com/tildearrow/furnace/issues/325 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.196371 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tildearrow/furnace/issues/325 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.196371 | Permissions Required, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tildearrow | furnace | dev73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tildearrow:furnace:dev73:*:*:*:*:*:*:*",
"matchCriteriaId": "48D91A45-1102-4081-BBEC-ED6CD9DF6689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en tildearrow Furnace versi\u00f3n dev73. Esto afecta al convertidor de FUR a VGM en modo consola, lo que causa desbordamientos en la regi\u00f3n stack de la memoria y bloqueos. Es posible iniciar el ataque de forma remota, pero requiere la interacci\u00f3n del usuario. Un POC ha sido revelado al p\u00fablico y puede ser usado"
}
],
"id": "CVE-2022-1211",
"lastModified": "2024-11-21T06:40:15.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-03T12:15:09.133",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.196371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tildearrow/furnace/issues/325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.196371"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}