CVE-2022-39213: Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.37567%
Published: 9/16/2022
Updated: 2/15/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: github.com/pandatix/go-cvss
Ecosystem: go
Vulnerable Versions: >= 0.2.0, < 0.4.0
First Patched Version: 0.4.0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability is in the `ParseVector` function, as shown by the panic trace and the commit diff. The pre-patch code split the vector into parts and walked the metric groups through nested slices (`slcs`). When processing a full 14-component vector, the loop incremented `slci` past the end of `slcs` (length 3, index 3), causing an out-of-bounds read. The patch commit introduced a fixed `order` array and added a bounds check (`if slci == 4`) to prevent this. The exploit example directly triggers this code path, confirming that the function is vulnerable.
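A simplified model of the bug class described above, added here as an illustration and not taken from go-cvss or its patch: `parse`, `checked`, `errOrder` and the metric tables are constructed, and only the names `slcs` and `slci` come from the analysis. The 6 + 3 + 5 grouping is an assumption chosen to give three groups and 14 components; the deferred `recover` shows how a caller can contain such a panic instead of crashing.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errOrder = errors.New("invalid metric order")
// Constructed metric groups (6 + 3 + 5 = 14 names) standing in for the nested
// slices the analysis calls slcs; an assumption, not the library's tables.
var slcs = [][]string{
	{"AV", "AC", "Au", "C", "I", "A"},
	{"E", "RL", "RC"},
	{"CDP", "TD", "CR", "IR", "AR"},
}

// parse returns how many in-order metrics it consumed. checked=false models the
// flaw: after the last metric of the last group, slcs[slci] is read at index 3.
func parse(vector string, checked bool) (n int, err error) {
	defer func() { // contain the runtime panic and report it as an error
		if r := recover(); r != nil {
			n, err = 0, fmt.Errorf("parser panicked: %v", r)
		}
	}()
	slci, i := 0, 0
	for _, part := range strings.Split(vector, "/") {
		if checked && slci == len(slcs) {
			return 0, errOrder // more components than known metrics
		}
		name, _, ok := strings.Cut(part, ":")
		if !ok || name != slcs[slci][i] {
			return 0, errOrder
		}
		n, i = n+1, i+1
		// Advance the cursor to the next group that still has metrics to match.
		for (!checked || slci < len(slcs)) && i == len(slcs[slci]) {
			slci, i = slci+1, 0
		}
	}
	return n, nil
}

func main() {
	// Constructed sample input: one value per metric in the tables above.
	full := "AV:N/AC:L/Au:N/C:P/I:P/A:C/E:F/RL:OF/RC:C/CDP:N/TD:L/CR:M/IR:M/AR:H"
	fmt.Println(parse(full, false)) // unguarded cursor
	fmt.Println(parse(full, true))  // bounds-checked cursor
}
```

A shorter vector that stops after the first group never moves the cursor past the last group, so only the complete 14-component input reaches the unguarded read.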


Impact

When a full CVSS v*.* vector string is parsed using `ParseVector`, an Out-of-bounds Read is possible due to a lack of tests. The Go module will then panic.

Patches

The problem is patched in the `v*.*.*`, by the commit `***************
