ID

VAR-202205-1540


CVE

CVE-2022-30065


TITLE

Use of freed memory vulnerability in BusyBox and in products from other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-010126

DESCRIPTION

A use-after-free in BusyBox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. BusyBox and products from multiple other vendors contain a vulnerability related to use of freed memory. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // VULMON: CVE-2022-30065

AFFECTED PRODUCTS

vendor: siemens, model: scalance sc626-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: busybox, model: busybox, scope: eq, version: 1.35.0

Trust: 1.0

vendor: siemens, model: scalance sc646-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: scalance sc632-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: scalance sc636-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: scalance sc622-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: siemens, model: scalance sc642-2c, scope: lt, version: 3.0

Trust: 1.0

vendor: Siemens, model: scalance sc-636-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-642-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-622-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-632-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-646-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc626-2c, scope: -, version: -

Trust: 0.8

vendor: busybox, model: busybox, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010126 // NVD: CVE-2022-30065

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-30065
value: HIGH

Trust: 1.0

NVD: CVE-2022-30065
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202205-3676
value: HIGH

Trust: 0.6

VULMON: CVE-2022-30065
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-30065
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2022-30065
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-30065
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype: Use of freed memory (CWE-416) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-010126 // NVD: CVE-2022-30065

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3676

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3676

PATCH

title: BusyBox Remediation of resource management error vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=194591

Trust: 0.6

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-30065

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-30065

Trust: 0.1

title: - url:https://github.com/KazKobara/dockerfile_fswiki_local

Trust: 0.1

title: - url:https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc

Trust: 0.1

sources: VULMON: CVE-2022-30065 // CNNVD: CNNVD-202205-3676

EXTERNAL IDS

db: NVD, id: CVE-2022-30065

Trust: 3.3

db: SIEMENS, id: SSA-333517

Trust: 2.5

db: ICS CERT, id: ICSA-22-349-18

Trust: 0.9

db: JVN, id: JVNVU91561630

Trust: 0.8

db: JVNDB, id: JVNDB-2022-010126

Trust: 0.8

db: AUSCERT, id: ESB-2022.6430

Trust: 0.6

db: AUSCERT, id: ESB-2022.6310

Trust: 0.6

db: AUSCERT, id: ESB-2023.2163

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3676

Trust: 0.6

db: VULMON, id: CVE-2022-30065

Trust: 0.1

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

REFERENCES

url:https://bugs.busybox.net/show_bug.cgi?id=14781

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

Trust: 2.5

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-30065

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.2163

Trust: 0.6

url:https://vigilance.fr/vulnerability/busybox-reuse-after-free-via-awk-applet-39999

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6430

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6310

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-30065/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2022-30065

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30065

Trust: 0.1

sources: VULMON: CVE-2022-30065 // JVNDB: JVNDB-2022-010126 // CNNVD: CNNVD-202205-3676 // NVD: CVE-2022-30065

SOURCES

db: VULMON, id: CVE-2022-30065
db: JVNDB, id: JVNDB-2022-010126
db: CNNVD, id: CNNVD-202205-3676
db: NVD, id: CVE-2022-30065

LAST UPDATE DATE

2024-08-14T12:49:29.220000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-30065, date: 2023-02-11T00:00:00
db: JVNDB, id: JVNDB-2022-010126, date: 2023-08-10T08:25:00
db: CNNVD, id: CNNVD-202205-3676, date: 2023-04-17T00:00:00
db: NVD, id: CVE-2022-30065, date: 2023-02-11T17:44:54.010

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-30065, date: 2022-05-18T00:00:00
db: JVNDB, id: JVNDB-2022-010126, date: 2023-08-10T00:00:00
db: CNNVD, id: CNNVD-202205-3676, date: 2022-05-18T00:00:00
db: NVD, id: CVE-2022-30065, date: 2022-05-18T15:15:10.240