Lucene search

[email protected]CVE-2022-41568

HistoryNov 29, 2022 - 5:15 a.m.

CVE-2022-41568

2022-11-2905:15:00

CWE-400

[email protected]

web.nvd.nist.gov

cve-2022-41568

line

ios

e2ee

crash

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.5%

JSON

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.

CPENameOperatorVersion
linecorp:linelinecorp linelt12.17.0

CPE	Name	Operator	Version
linecorp:line	linecorp line	lt	12.17.0

References

hackerone.com/reports/1701642

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2022-41568

hackerone1 prion1 cnvd1 cvelist1