CVE-2022-22820

Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://hackerone.com/reports/1357400	Permissions Required
https://hackerone.com/reports/1357400	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:linecorp:line:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2022-01-20 12:15

Updated : 2024-11-21 06:47

NVD link : CVE-2022-22820

Mitre link : CVE-2022-22820

CVE.ORG link : CVE-2022-22820

JSON object : View

Products Affected

linecorp

line

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2022-22820", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-01-20T12:15:08.727", "references": [{"url": "https://hackerone.com/reports/1357400", "tags": ["Permissions Required"], "source": "dl_cve@linecorp.com"}, {"url": "https://hackerone.com/reports/1357400", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4."}, {"lang": "es", "value": "Debido a una falta de comprobaciones de archivos multimedia antes de la renderizaci\u00f3n, era posible que un atacante causara un consumo anormal de CPU para el destinatario del mensaje mediante el env\u00edo de una imagen gif especialmente dise\u00f1ada en LINE para Windows versiones anteriores a 7.4"}], "lastModified": "2024-11-21T06:47:31.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "61717960-C6DB-4540-9202-E2C541770836", "versionEndExcluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "dl_cve@linecorp.com"}