CVE-2022-3349

Summary

A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679.

Affected Software

VendorProductVersion RangeStatus
SonyPS4n/aaffected
SonyPS5n/aaffected

Weaknesses

  • CWE-119: CWE-119 Memory Corruption -> CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References