定价企业版

CVE-2022-34295

6.5MEDIUM

totd before 1.5.3 does not properly randomize mesg IDs.

发布于: 6/23/2022更新于: 11/21/2024

在NVD查看在MITRE查看

描述

totd before 1.5.3 does not properly randomize mesg IDs.

AI分析AI驱动

受影响产品

totd_projecttotd

参考资料

http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf
ExploitTechnical DescriptionThird Party Advisory
https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
PatchThird Party Advisory
https://github.com/fwdillema/totd/releases/tag/1.5.3
PatchRelease NotesThird Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Vendor Advisory
http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf
ExploitTechnical DescriptionThird Party Advisory
https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
PatchThird Party Advisory
https://github.com/fwdillema/totd/releases/tag/1.5.3
PatchRelease NotesThird Party Advisory
https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Vendor Advisory