Details of VAR-202302-1296

ID

VAR-202302-1296

CVE

CVE-2022-34864

TITLE

Intel's Intel Trace Analyzer and Collector Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019765

DESCRIPTION

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34864 // JVNDB: JVNDB-2022-019765 // VULHUB: VHN-431288 // VULMON: CVE-2022-34864

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019765 // NVD: CVE-2022-34864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34864
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-34864
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34864
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1471
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34864
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-34864
baseSeverity:	MEDIUM
baseScore:	4.2
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34864
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019765 // CNNVD: CNNVD-202302-1471 // NVD: CVE-2022-34864 // NVD: CVE-2022-34864

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-431288 // JVNDB: JVNDB-2022-019765 // NVD: CVE-2022-34864

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1471

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1471

PATCH

title:

ecIntel Trace Analyzer And Collector to Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227311

Trust: 0.6

sources: CNNVD: CNNVD-202302-1471

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34864	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019765	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1471	Trust: 0.6
db:	VULHUB	id:	VHN-431288	Trust: 0.1
db:	VULMON	id:	CVE-2022-34864	Trust: 0.1

sources: VULHUB: VHN-431288 // VULMON: CVE-2022-34864 // JVNDB: JVNDB-2022-019765 // CNNVD: CNNVD-202302-1471 // NVD: CVE-2022-34864

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00733.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34864	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34864/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-431288 // VULMON: CVE-2022-34864 // JVNDB: JVNDB-2022-019765 // CNNVD: CNNVD-202302-1471 // NVD: CVE-2022-34864

SOURCES

db:	VULHUB	id:	VHN-431288
db:	VULMON	id:	CVE-2022-34864
db:	JVNDB	id:	JVNDB-2022-019765
db:	CNNVD	id:	CNNVD-202302-1471
db:	NVD	id:	CVE-2022-34864

LAST UPDATE DATE

2024-08-14T13:14:54.632000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-431288	date:	2023-03-01T00:00:00
db:	VULMON	id:	CVE-2022-34864	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019765	date:	2023-10-27T06:50:00
db:	CNNVD	id:	CNNVD-202302-1471	date:	2023-03-02T00:00:00
db:	NVD	id:	CVE-2022-34864	date:	2023-03-01T20:19:35.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-431288	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-34864	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019765	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202302-1471	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-34864	date:	2023-02-16T21:15:12.953