5.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-38306

GHSA ID

GHSA-52xx-r3g2-p8jm

EPSS Score

0.14267%

CWE

CWE-787

Published

9/14/2022

Updated

1/29/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-38306

CVE-2022-38306: LIEF vulnerable to heap based buffer overflow

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. Commit 53bf680ef494a835e2c4a5de328ca85416a03a5a contains a patch.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-38306

CVE-2022-38306:

5.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-38306

GHSA ID

GHSA-52xx-r3g2-p8jm

EPSS Score

0.14267%

CWE

CWE-787

Published

9/14/2022

Updated

1/29/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lief	pip	>= 0, <= 0.12.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerable function is identified by analyzing the patch provided in the commit diff. The change indicates a fix for a heap-buffer overflow vulnerability in the CorePrPsInfo::parse_() function, which is a template function instantiated for both ELF32 and ELF64. The original code's vulnerability and the patch's mitigation are directly related to how the pr_fname field is handled.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-38306: LIEF vulnerable to heap based buffer overflow

CVE-2022-38306:

5.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

5.5

5.5

Technical Details

Basic Information

Basic Information

CVE-2022-38306: LIEF vulnerable to heap based buffer overflow

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI