Details of VAR-202205-1540

ID

VAR-202205-1540

CVE

CVE-2022-30065

TITLE

BusyBox of BusyBox Vulnerability related to use of freed memory in products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-010126

DESCRIPTION

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. BusyBox of BusyBox Products from multiple other vendors contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // VULMON: CVE-2022-30065

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance sc626-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	busybox	model:	busybox	scope:	eq	version:	1.35.0	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	3.0	Trust: 1.0
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc626-2c	scope:	-	version:	-	Trust: 0.8
vendor:	busybox	model:	busybox	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010126 // NVD: CVE-2022-30065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-30065
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-30065
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3676
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-30065
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-30065
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2022-30065
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-30065
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-010126 // NVD: CVE-2022-30065

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3676

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3676

PATCH

title:	BusyBox Remediation of resource management error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=194591	Trust: 0.6
title:	Red Hat:	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-30065	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-30065	Trust: 0.1
title:	-	url:	https://github.com/KazKobara/dockerfile_fswiki_local	Trust: 0.1
title:	-	url:	https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc	Trust: 0.1

sources: VULMON: CVE-2022-30065 // CNNVD: CNNVD-202205-3676

EXTERNAL IDS

db:	NVD	id:	CVE-2022-30065	Trust: 3.3
db:	SIEMENS	id:	SSA-333517	Trust: 2.5
db:	ICS CERT	id:	ICSA-22-349-18	Trust: 0.9
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-010126	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.6430	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6310	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.2163	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3676	Trust: 0.6
db:	VULMON	id:	CVE-2022-30065	Trust: 0.1

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

REFERENCES

url:	https://bugs.busybox.net/show_bug.cgi?id=14781	Trust: 2.5
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf	Trust: 2.5
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30065	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.2163	Trust: 0.6
url:	https://vigilance.fr/vulnerability/busybox-reuse-after-free-via-awk-applet-39999	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6430	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6310	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-30065/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-30065	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30065	Trust: 0.1

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

SOURCES

db:	VULMON	id:	CVE-2022-30065
db:	JVNDB	id:	JVNDB-2022-010126
db:	CNNVD	id:	CNNVD-202205-3676
db:	NVD	id:	CVE-2022-30065

LAST UPDATE DATE

2024-08-14T12:49:29.220000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-30065	date:	2023-02-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-010126	date:	2023-08-10T08:25:00
db:	CNNVD	id:	CNNVD-202205-3676	date:	2023-04-17T00:00:00
db:	NVD	id:	CVE-2022-30065	date:	2023-02-11T17:44:54.010

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-30065	date:	2022-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-010126	date:	2023-08-10T00:00:00
db:	CNNVD	id:	CNNVD-202205-3676	date:	2022-05-18T00:00:00
db:	NVD	id:	CVE-2022-30065	date:	2022-05-18T15:15:10.240