Details of VAR-202202-0448

ID

VAR-202202-0448

CVE

CVE-2022-21156

TITLE

Intel(R) Trace Analyzer and Collector Vulnerability in accessing uninitialized pointers in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005079

DESCRIPTION

Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. Intel Trace Analyzer And Collector is a trace analyzer and collector of Intel Corporation. Used to analyze Mpi behavior in parallel applications. An attacker could exploit this vulnerability to cause denial of service or information disclosure

Trust: 1.8

sources: NVD: CVE-2022-21156 // JVNDB: JVNDB-2022-005079 // VULHUB: VHN-408079 // VULMON: CVE-2022-21156

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005079 // NVD: CVE-2022-21156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21156
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21156
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-761
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-408079
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-21156
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-21156
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-408079
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21156
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-21156
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-408079 // VULMON: CVE-2022-21156 // JVNDB: JVNDB-2022-005079 // CNNVD: CNNVD-202202-761 // NVD: CVE-2022-21156

PROBLEMTYPE DATA

problemtype:	CWE-824	Trust: 1.1
problemtype:	Accessing uninitialized pointers (CWE-824) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-408079 // JVNDB: JVNDB-2022-005079 // NVD: CVE-2022-21156

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-761

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-761

PATCH

title:	INTEL-SA-00639	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 0.8
title:	Intel Trace Analyzer And Collector Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182194	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21156 // JVNDB: JVNDB-2022-005079 // CNNVD: CNNVD-202202-761

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21156	Trust: 3.4
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005079	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-761	Trust: 0.7
db:	CS-HELP	id:	SB2022020911	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0548	Trust: 0.6
db:	VULHUB	id:	VHN-408079	Trust: 0.1
db:	VULMON	id:	CVE-2022-21156	Trust: 0.1

sources: VULHUB: VHN-408079 // VULMON: CVE-2022-21156 // JVNDB: JVNDB-2022-005079 // CNNVD: CNNVD-202202-761 // NVD: CVE-2022-21156

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21156	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020911	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0548	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/824.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-408079 // VULMON: CVE-2022-21156 // JVNDB: JVNDB-2022-005079 // CNNVD: CNNVD-202202-761 // NVD: CVE-2022-21156

SOURCES

db:	VULHUB	id:	VHN-408079
db:	VULMON	id:	CVE-2022-21156
db:	JVNDB	id:	JVNDB-2022-005079
db:	CNNVD	id:	CNNVD-202202-761
db:	NVD	id:	CVE-2022-21156

LAST UPDATE DATE

2024-11-23T20:49:28.480000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-408079	date:	2022-02-15T00:00:00
db:	VULMON	id:	CVE-2022-21156	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005079	date:	2023-05-17T07:38:00
db:	CNNVD	id:	CNNVD-202202-761	date:	2022-02-22T00:00:00
db:	NVD	id:	CVE-2022-21156	date:	2024-11-21T06:44:00.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-408079	date:	2022-02-09T00:00:00
db:	VULMON	id:	CVE-2022-21156	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005079	date:	2023-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202202-761	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2022-21156	date:	2022-02-09T23:15:17.867