
CVE-2022-3715: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid...

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.14441%
Published: 1/5/2023
Updated: 1/29/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Intelligence

Root Cause Analysis

The analysis is based on the ASAN stack trace and patch diff in the linked Bugzilla report (https://bugzilla.redhat.com/show_bug.cgi?id=2126720, comment #7) and the GNU bug-bash mailing list thread (https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html). Both sources identify valid_parameter_transform in subst.c as the location of the out-of-bounds read: the function tested xform[1] before confirming that xform[0] was non-null, so an empty transform operator string made it read one byte past the terminating NUL of the heap-allocated operator. ASAN classifies that overread as a heap-buffer-overflow, which is the wording the CVE description uses. The patch adds a check for xform[0] before xform[1] is accessed, rejecting the empty operator. Note that the fault is a one-byte read, not a write; the 9.8 vector above is the generic scoring for network-reachable, unauthenticated input, and whether that applies to a given deployment depends on whether untrusted text can reach a ${parameter@transform} expansion.
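To make the reasoning above concrete, here is an added C model (not bash's code, and not taken from the Bugzilla or bug-bash sources) of the check before and after the fix, together with a small driver that splits a `${param@op}` body at the `@` and copies the operator into an exactly-sized heap buffer, which is what makes the overread visible to ASAN. The accepted operator letters (a, A, E, K, k, L, P, Q, U, u) are bash 5.2's documented set; the function names, the driver and the sample inputs are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Single-letter transform operators accepted by bash 5.2 for ${param@op}. */
static int is_transform_letter(char c)
{
    return c != '\0' && strchr("aAEKkLPQUu", c) != NULL;
}

/* Shape of the pre-fix check (a model, not bash's source): it inspects
 * xform[1] before confirming xform[0] is non-NUL, so the empty operator
 * string produced by ${var@} reads one byte past the terminator. */
int valid_transform_unpatched(const char *xform)
{
    if (xform[1])                 /* out-of-bounds read when xform[0] == '\0' */
        return 0;
    return is_transform_letter(xform[0]);
}

/* Hardened form mirroring the fix: reject the empty operator first. */
int valid_transform_patched(const char *xform)
{
    if (xform[0] == '\0' || xform[1])
        return 0;
    return is_transform_letter(xform[0]);
}

/* Take the body of a ${...} expansion (the text between the braces), split
 * it at the first '@', copy the operator into an exactly-sized heap buffer
 * and validate it with the given checker.
 * Returns 1 if the operator is a valid transform, 0 otherwise. */
int check_expansion(const char *body, int (*checker)(const char *))
{
    const char *at = strchr(body, '@');
    if (at == NULL)
        return 0;                 /* no transform operator present */

    size_t n = strlen(at + 1);
    char *xform = malloc(n + 1);  /* xform[n] is the NUL; xform[n + 1] is out of bounds */
    if (xform == NULL)
        return 0;
    memcpy(xform, at + 1, n + 1);

    int ok = checker(xform);
    free(xform);
    return ok;
}

int main(void)
{
    /* Constructed inputs: valid, too long, unknown letter, and the empty
     * operator that triggers the overread in the unpatched checker. */
    const char *bodies[] = { "var@Q", "var@QQ", "var@z", "var@" };

    for (size_t i = 0; i < sizeof bodies / sizeof bodies[0]; i++)
        printf("%-8s patched=%d\n", bodies[i],
               check_expansion(bodies[i], valid_transform_patched));

    /* Build with -fsanitize=address to see a 1-byte heap-buffer-overflow READ
     * reported for this call; without ASAN the returned value is garbage. */
    printf("var@     unpatched=%d\n",
           check_expansion("var@", valid_transform_unpatched));
    return 0;
}
```

The driver allocates the operator with no slack on purpose: with a larger buffer the stray read lands inside the allocation and neither ASAN nor a crash would reveal it, which is why such bugs survive until fuzzed under a sanitizer.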


WAF Protection Rules

WAF Rule

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
