Home > Vulnerability Database > CVE-2022-46378

Mend.io Vulnerability Database

CVE-2022-46378

Date: May 10, 2023

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the "PORT" command.

Language: C

Severity Score

6.5

Related Resources (4)

Url: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1681

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46378

Url: https://github.com/weston-embedded/uC-FTPs/pull/2

Url: https://www.mend.io/vulnerability-database/CVE-2022-46378

Severity Score

6.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Use of Out-of-range Pointer Offset

CWE-823

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46378

Date: May 10, 2023

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?