CVE-2022-29503

Summary

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
AnkerEufy Homebase 22.1.8.8haffected
AnkerEufy Homebase 22.1.8.8haffected
AnkerEufy Homebase 22.1.8.8haffected
AnkerEufy Homebase 22.1.8.8haffected
uClibCuClibC0.9.33.2affected
uClibCuClibC0.9.33.2affected
uClibCuClibC0.9.33.2affected
uClibCuClibC0.9.33.2affected
uClibC-nguClibC-ng1.0.40affected

Weaknesses

  • CWE-119: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References