Details of VAR-202202-0449

ID

VAR-202202-0449

CVE

CVE-2022-21133

TITLE

Intel(R) Trace Analyzer and Collector Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005080

DESCRIPTION

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. Intel Trace Analyzer And Collector is a trace analyzer and collector of Intel Corporation. Used to analyze Mpi behavior in parallel applications. An attacker could exploit this vulnerability to cause denial of service or information disclosure

Trust: 1.8

sources: NVD: CVE-2022-21133 // JVNDB: JVNDB-2022-005080 // VULHUB: VHN-407681 // VULMON: CVE-2022-21133

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005080 // NVD: CVE-2022-21133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21133
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21133
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-760
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-407681
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-21133
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-21133
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-407681
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-21133
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-21133
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-407681 // VULMON: CVE-2022-21133 // JVNDB: JVNDB-2022-005080 // CNNVD: CNNVD-202202-760 // NVD: CVE-2022-21133

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-407681 // JVNDB: JVNDB-2022-005080 // NVD: CVE-2022-21133

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-760

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202202-760

PATCH

title:	INTEL-SA-00639	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 0.8
title:	Intel Trace Analyzer And Collector Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182193	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21133 // JVNDB: JVNDB-2022-005080 // CNNVD: CNNVD-202202-760

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21133	Trust: 3.4
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005080	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-760	Trust: 0.7
db:	CS-HELP	id:	SB2022020911	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0548	Trust: 0.6
db:	VULHUB	id:	VHN-407681	Trust: 0.1
db:	VULMON	id:	CVE-2022-21133	Trust: 0.1

sources: VULHUB: VHN-407681 // VULMON: CVE-2022-21133 // JVNDB: JVNDB-2022-005080 // CNNVD: CNNVD-202202-760 // NVD: CVE-2022-21133

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00639.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21133	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020911	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0548	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-407681 // VULMON: CVE-2022-21133 // JVNDB: JVNDB-2022-005080 // CNNVD: CNNVD-202202-760 // NVD: CVE-2022-21133

SOURCES

db:	VULHUB	id:	VHN-407681
db:	VULMON	id:	CVE-2022-21133
db:	JVNDB	id:	JVNDB-2022-005080
db:	CNNVD	id:	CNNVD-202202-760
db:	NVD	id:	CVE-2022-21133

LAST UPDATE DATE

2024-11-23T21:02:49.398000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-407681	date:	2022-02-15T00:00:00
db:	VULMON	id:	CVE-2022-21133	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005080	date:	2023-05-17T07:38:00
db:	CNNVD	id:	CNNVD-202202-760	date:	2022-02-22T00:00:00
db:	NVD	id:	CVE-2022-21133	date:	2024-11-21T06:43:57.853

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-407681	date:	2022-02-09T00:00:00
db:	VULMON	id:	CVE-2022-21133	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005080	date:	2023-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202202-760	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2022-21133	date:	2022-02-09T23:15:17.783