What is CVE-2022-36313?

CVE-2022-36313 is a vulnerability found in the file-type npm package that could be exploited to cause a denial-of-service (DoS) attack.

What is the severity of CVE-2022-36313?

CVE-2022-36313 has a severity rating of medium (5.5).

How does CVE-2022-36313 affect the file-type package?

CVE-2022-36313 affects the file-type package versions before 16.5.4 and 17.x before 17.1.3 for Node.js.

How can a malformed MKV file exploit CVE-2022-36313?

A malformed MKV file can cause the file type detector in the file-type package to enter an infinite loop, making the application unresponsive and triggering a DoS attack.

How can I fix CVE-2022-36313?

To fix CVE-2022-36313, update the file-type package to version 16.5.4 or 17.1.3, or upgrade to version 18.0.0.

Vulnerability/
CVE-2022-36313

medium

5.5

CWE

835

21/7/2022

3/8/2024

CVE-2022-36313

First published: Thu Jul 21 2022(Updated: )

A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
File-type Project File-type	<16.5.4
File-type Project File-type	>=17.0.0<17.1.3
IBM Cloud Pak for Security	<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software	<=1.10.12.0 - 1.10.16.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-36313?
CVE-2022-36313 is a vulnerability found in the file-type npm package that could be exploited to cause a denial-of-service (DoS) attack.
What is the severity of CVE-2022-36313?
CVE-2022-36313 has a severity rating of medium (5.5).
How does CVE-2022-36313 affect the file-type package?
CVE-2022-36313 affects the file-type package versions before 16.5.4 and 17.x before 17.1.3 for Node.js.
How can a malformed MKV file exploit CVE-2022-36313?
A malformed MKV file can cause the file type detector in the file-type package to enter an infinite loop, making the application unresponsive and triggering a DoS attack.
How can I fix CVE-2022-36313?
To fix CVE-2022-36313, update the file-type package to version 16.5.4 or 17.1.3, or upgrade to version 18.0.0.

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
agent/weakness
agent/references
agent/author
agent/severity
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-36313
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
vendor/file-type project
canonical/file-type project file-type
version/file-type project file-type/17.0.0
package-manager/redhat
vendor/ibm
canonical/ibm cloud pak for security
version/ibm cloud pak for security/1.10.0.0 - 1.10.11.0
canonical/ibm qradar suite software
version/ibm qradar suite software/1.10.12.0 - 1.10.16.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.