CVE-2022-35020: Buffer Overflow
First published: Mon Aug 29 2022(Updated: )
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advancemame Advancecomp | =2.3 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://drive.google.com/file/d/1ScTmAEmHSHvmyDnELYV1DzQTAAAm7XS9/view?usp=sharing
- https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/
Frequently Asked Questions
What is CVE-2022-35020?
CVE-2022-35020 is a vulnerability in Advancecomp v2.3 that allows a heap buffer overflow via the component __interceptor_memcpy.
What is the severity of CVE-2022-35020?
CVE-2022-35020 has a severity level of medium with a CVSS score of 5.5.
Which software versions are affected by CVE-2022-35020?
Advancecomp v2.3, Fedora 35, Fedora 36, and Fedora 37 are affected by CVE-2022-35020.
How can I fix CVE-2022-35020?
To fix CVE-2022-35020, it is recommended to update to a patched version of Advancecomp or apply the necessary security patches provided by the software vendor.
Where can I find more information about CVE-2022-35020?
You can find more information about CVE-2022-35020 in the references provided: [Reference 1](https://drive.google.com/file/d/1ScTmAEmHSHvmyDnELYV1DzQTAAAm7XS9/view?usp=sharing), [Reference 2](https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/)
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/advancemame
- canonical/advancemame advancecomp
- version/advancemame advancecomp/2.3
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37