Main Vulnerability Database Exploits ID:7858 - Exploit for Integer overflow in Spring Security - CVE-2022-22976

ID:7858 - Exploit for Integer overflow in Spring Security - CVE-2022-22976

Published: May 17, 2022

Vulnerability identifier: #VU63342

Vulnerability risk: Low

CVE-ID: CVE-2022-22976

CWE-ID: CWE-190

Exploitation vector: Remote access

Vulnerable software:
Spring Security

Link to public exploit:

https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in BCrypt class with the maximum work factor (31) for BCryptPasswordEncoder. The encoder does not perform any salt rounds, which weakens encryption capabilities of the software.

Remediation

Install updates from vendor's website.

ID:7858 - Exploit for Integer overflow in Spring Security - CVE-2022-22976

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human