Details of VAR-202202-0447

ID

VAR-202202-0447

CVE

CVE-2022-21226

TITLE

Intel(R) Trace Analyzer and Collector Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005073

DESCRIPTION

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. Used to analyze Mpi behavior in parallel applications. An attacker could exploit this vulnerability to cause denial of service or information disclosure

Trust: 1.8

sources: NVD: CVE-2022-21226 // JVNDB: JVNDB-2022-005073 // VULHUB: VHN-408088 // VULMON: CVE-2022-21226

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005073 // NVD: CVE-2022-21226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21226
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21226
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-763
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-408088
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-21226
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-21226
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-408088
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21226
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-21226
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-408088 // VULMON: CVE-2022-21226 // JVNDB: JVNDB-2022-005073 // CNNVD: CNNVD-202202-763 // NVD: CVE-2022-21226

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-408088 // JVNDB: JVNDB-2022-005073 // NVD: CVE-2022-21226

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-763

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-763

PATCH

title:	INTEL-SA-00639	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 0.8
title:	Intel Trace Analyzer And Collector Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182196	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21226 // JVNDB: JVNDB-2022-005073 // CNNVD: CNNVD-202202-763

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21226	Trust: 3.4
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005073	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-763	Trust: 0.7
db:	CS-HELP	id:	SB2022020911	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0548	Trust: 0.6
db:	VULHUB	id:	VHN-408088	Trust: 0.1
db:	VULMON	id:	CVE-2022-21226	Trust: 0.1

sources: VULHUB: VHN-408088 // VULMON: CVE-2022-21226 // JVNDB: JVNDB-2022-005073 // CNNVD: CNNVD-202202-763 // NVD: CVE-2022-21226

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21226	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020911	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0548	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-408088 // VULMON: CVE-2022-21226 // JVNDB: JVNDB-2022-005073 // CNNVD: CNNVD-202202-763 // NVD: CVE-2022-21226

SOURCES

db:	VULHUB	id:	VHN-408088
db:	VULMON	id:	CVE-2022-21226
db:	JVNDB	id:	JVNDB-2022-005073
db:	CNNVD	id:	CNNVD-202202-763
db:	NVD	id:	CVE-2022-21226

LAST UPDATE DATE

2024-11-23T21:19:20.901000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-408088	date:	2022-02-15T00:00:00
db:	VULMON	id:	CVE-2022-21226	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005073	date:	2023-05-17T07:29:00
db:	CNNVD	id:	CNNVD-202202-763	date:	2022-02-22T00:00:00
db:	NVD	id:	CVE-2022-21226	date:	2024-11-21T06:44:08.980

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-408088	date:	2022-02-09T00:00:00
db:	VULMON	id:	CVE-2022-21226	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005073	date:	2023-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202202-763	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2022-21226	date:	2022-02-09T23:15:18.197