Vulnerabilities > CVE-2022-30763 - Improper Validation of Array Index vulnerability in Janet-Lang Janet
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Janet before 1.22.0 mishandles arrays.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
References
- https://blog.convisoappsec.com/en/bug-hunting-in-the-janet-language-interpreter/
- https://blog.convisoappsec.com/en/bug-hunting-in-the-janet-language-interpreter/
- https://github.com/janet-lang/janet/compare/v1.21.1...v1.22.0
- https://github.com/janet-lang/janet/compare/v1.21.1...v1.22.0
- https://github.com/janet-lang/janet/releases/tag/v1.22.0
- https://github.com/janet-lang/janet/releases/tag/v1.22.0