CVE-2022-26507 Information
Jun 07, 2022
cve
Description
UNSUPPORTED WHEN ASSIGNED A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810 CVE-2021-21811 CVE-2021-21812 CVE-2021-21815 CVE-2021-21825 CVE-2021-21826 CVE-2021-21828 CVE-2021-21829 or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://Claroty.com https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: