CVE-2022-35020 — Vulnetix

CVE-2022-35020 PUBLISHED CVSS 5.5 MEDIUM

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.

EPSS 0.12% · 30.9th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.12%

30.9th percentile

Affected Products

Vendor	Product	Versions
advancemame	advancecomp	2.3
fedoraproject	fedora	36, 37, 35
n/a	n/a	*

Timeline

Aug 29, 2022 CVE Published
Aug 30, 2022 EPSS Score
Oct 14, 2022 EPSS Score
Nov 29, 2022 EPSS Score
Jan 13, 2023 EPSS Score
Feb 28, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 14, 2023 EPSS Score
May 30, 2023 EPSS Score
Jul 14, 2023 EPSS Score
Aug 29, 2023 EPSS Score
Oct 13, 2023 EPSS Score

References

https://drive.google.com/file/d/1ScTmAEmHSHvmyDnELYV1DzQTAAAm7XS9/view?usp=sharing url
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md url
FEDORA-2022-99c00af79f vendor-advisory
FEDORA-2022-6225445e2b vendor-advisory
FEDORA-2022-9032cacb56 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-35020 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE url

Open in Interactive Console →