3.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-4064

GHSA ID

GHSA-3xg8-cc8f-9wv2

EPSS Score

0.50356%

CWE

CWE-74

Published

11/19/2022

Updated

1/29/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-4064

CVE-2022-4064: Unsanitized input leading to code injection in Dalli

A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to apply a patch to fix this issue.

(GitHub Advisory)

3.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-4064

GHSA ID

GHSA-3xg8-cc8f-9wv2

EPSS Score

0.50356%

CWE

CWE-74

Published

11/19/2022

Updated

1/29/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
dalli	rubygems	< 3.2.3	3.2.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from multiple functions in the meta protocol handler that directly interpolated user-controlled parameters (CAS, TTL, delay) into Memcached protocol commands without proper sanitization. The commit 48d594d specifically adds input validation through parse_to_64_bit_int and cas_string methods, addressing injection vectors in these functions. The GHSA advisory and CWE-74 classification confirm the injection vulnerability pattern through unneutralized special elements in downstream commands.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in **lli. *****t** is t** *un*tion s*l*.m*t*_s*t o* t** *il* li*/**lli/proto*ol/m*t*/r*qu*st_*orm*tt*r.r* o* t** *ompon*nt M*t* Proto*ol **n*l*r. T** m*nipul*tion l***s to inj**tion. T** *xploit **s ***n *is*los** to t** pu*

Reasoning

T** vuln*r**ility st*mm** *rom multipl* *un*tions in t** m*t* proto*ol **n*l*r t**t *ir**tly int*rpol*t** us*r-*ontroll** p*r*m*t*rs (**S, TTL, **l*y) into M*m****** proto*ol *omm*n*s wit*out prop*r s*nitiz*tion. T** *ommit ******* sp**i*i**lly ***s

3.7

Basic Information

Concerned about an active attack path?

CVE-2022-4064: Unsanitized input leading to code injection in Dalli

3.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI