Details of VAR-202302-1322

ID

VAR-202302-1322

CVE

CVE-2022-34843

TITLE

Intel's Intel Trace Analyzer and Collector Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019920

DESCRIPTION

Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34843 // JVNDB: JVNDB-2022-019920 // VULHUB: VHN-431269 // VULMON: CVE-2022-34843

AFFECTED PRODUCTS

vendor:	intel	model:	trace analyzer and collector	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel trace analyzer and collector	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019920 // NVD: CVE-2022-34843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34843
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-34843
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34843
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1473
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34843
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-34843
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.3
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34843
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019920 // CNNVD: CNNVD-202302-1473 // NVD: CVE-2022-34843 // NVD: CVE-2022-34843

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-431269 // JVNDB: JVNDB-2022-019920 // NVD: CVE-2022-34843

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1473

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1473

PATCH

title:

Intel Trace Analyzer And Collector Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=227410

Trust: 0.6

sources: CNNVD: CNNVD-202302-1473

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34843	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019920	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1473	Trust: 0.6
db:	VULHUB	id:	VHN-431269	Trust: 0.1
db:	VULMON	id:	CVE-2022-34843	Trust: 0.1

sources: VULHUB: VHN-431269 // VULMON: CVE-2022-34843 // JVNDB: JVNDB-2022-019920 // CNNVD: CNNVD-202302-1473 // NVD: CVE-2022-34843

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00733.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34843	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34843/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-431269 // VULMON: CVE-2022-34843 // JVNDB: JVNDB-2022-019920 // CNNVD: CNNVD-202302-1473 // NVD: CVE-2022-34843

SOURCES

db:	VULHUB	id:	VHN-431269
db:	VULMON	id:	CVE-2022-34843
db:	JVNDB	id:	JVNDB-2022-019920
db:	CNNVD	id:	CNNVD-202302-1473
db:	NVD	id:	CVE-2022-34843

LAST UPDATE DATE

2024-08-14T13:00:02.991000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-431269	date:	2023-03-02T00:00:00
db:	VULMON	id:	CVE-2022-34843	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019920	date:	2023-10-30T05:01:00
db:	CNNVD	id:	CNNVD-202302-1473	date:	2023-03-03T00:00:00
db:	NVD	id:	CVE-2022-34843	date:	2023-03-02T14:50:08.063

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-431269	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-34843	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019920	date:	2023-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202302-1473	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-34843	date:	2023-02-16T21:15:12.823