Main Vulnerability Database Vulnerabilities #VU63342

#VU63342 Integer overflow in Spring Security - CVE-2022-22976

Published: May 17, 2022 / Updated: May 17, 2022

Vulnerability identifier: #VU63342

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2022-22976

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Spring Security

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in BCrypt class with the maximum work factor (31) for BCryptPasswordEncoder. The encoder does not perform any salt rounds, which weakens encryption capabilities of the software.

Remediation

Install updates from vendor's website.

External links

https://tanzu.vmware.com/security/cve-2022-22976

#VU63342 Integer overflow in Spring Security - CVE-2022-22976

Description

Remediation

External links

Please verify you're human