Main Vulnerability Database Vulnerabilities #VU68471

#VU68471 Integer overflow in Oracle VM VirtualBox - CVE-2022-39425

Published: October 19, 2022 / Updated: November 23, 2022

Vulnerability identifier: #VU68471

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2022-39425

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Oracle VM VirtualBox

Software vendor:
Oracle

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when handling USB Request Block messages. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpuoct2022.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1445/

#VU68471 Integer overflow in Oracle VM VirtualBox - CVE-2022-39425

Description

Remediation

External links

Please verify you're human