CVE-2022-2652
7.3
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Summary
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| umlaeute | umlaeute/v4l2loopback | unspecified < 0.12.6 | affected |
Weaknesses
- CWE-134: CWE-134 Use of Externally-Controlled Format String
ADP Enrichment
CVE Program Container
Additional References
- https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
- https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd
References
- https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5
- https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.