Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Furnace by tildearrow

    CVE-2026-4732 (GCVE-0-2026-4732)

    Vulnerability from nvd – Published: 2026-03-24 02:50 – Updated: 2026-03-24 18:28
    VLAI
    Title
    Out-of-bounds Read Overflow in tildearrow/furnace
    Summary
    Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow furnace Affected: 0 , < 0.7 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:28:05.626315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:28:11.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/tildearrow/furnace",
              "defaultStatus": "affected",
              "modules": [
                "\u200eextern/libsndfile-modified/src"
              ],
              "product": "furnace",
              "programFiles": [
                "flac.c\u200e"
              ],
              "vendor": "tildearrow",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in tildearrow furnace (\u200eextern/libsndfile-modified/src modules).\u003cp\u003e This vulnerability is associated with program files flac.C\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects furnace: before 0.7.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in tildearrow furnace (\u200eextern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C\u200e.\n\nThis issue affects furnace: before 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T02:50:36.111Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/tildearrow/furnace/pull/2812"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read Overflow in tildearrow/furnace",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-4732",
        "datePublished": "2026-03-24T02:50:36.111Z",
        "dateReserved": "2026-03-24T02:50:04.359Z",
        "dateUpdated": "2026-03-24T18:28:11.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24800 (GCVE-0-2026-24800)

    Vulnerability from nvd – Published: 2026-01-27 08:33 – Updated: 2026-01-27 17:02
    VLAI
    Title
    A heap-based buffer over-read or buffer overflow in tildearrow/furnace
    Summary
    Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow furnace Affected: 0 , < 0.6.8.3 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T17:02:10.616812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T17:02:21.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/tildearrow/furnace",
              "defaultStatus": "unaffected",
              "modules": [
                "extern/zlib"
              ],
              "product": "furnace",
              "programFiles": [
                "inflate.c"
              ],
              "vendor": "tildearrow",
              "versions": [
                {
                  "lessThan": "0.6.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003einflate.C\u003c/tt\u003e.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:L/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T08:33:16.882Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/tildearrow/furnace/pull/2471"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A heap-based buffer over-read or buffer overflow in tildearrow/furnace",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-24800",
        "datePublished": "2026-01-27T08:33:16.882Z",
        "dateReserved": "2026-01-27T08:18:43.268Z",
        "dateUpdated": "2026-01-27T17:02:21.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1289 (GCVE-0-2022-1289)

    Vulnerability from nvd – Published: 2022-04-10 15:15 – Updated: 2025-04-15 14:41
    VLAI
    Title
    tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service
    Summary
    A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow Furnace Affected: n/a
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.196755"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:13:59.249714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:41:32.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Furnace",
              "vendor": "tildearrow",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-10T15:15:15.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.196755"
            }
          ],
          "title": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-1289",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Furnace",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tildearrow"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
                },
                {
                  "name": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
                },
                {
                  "name": "https://vuldb.com/?id.196755",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.196755"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-1289",
        "datePublished": "2022-04-10T15:15:15.000Z",
        "dateReserved": "2022-04-10T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:41:32.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1211 (GCVE-0-2022-1211)

    Vulnerability from nvd – Published: 2022-04-03 12:10 – Updated: 2025-04-15 14:42
    VLAI
    Title
    tildearrow Furnace FUR to VGM Converter stack-based overflow
    Summary
    A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow Furnace Affected: dev73
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/issues/325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.196371"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1211",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:14:02.991823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:42:19.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Furnace",
              "vendor": "tildearrow",
              "versions": [
                {
                  "status": "affected",
                  "version": "dev73"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T12:10:11.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/issues/325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.196371"
            }
          ],
          "title": "tildearrow Furnace FUR to VGM Converter stack-based overflow",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-1211",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "tildearrow Furnace FUR to VGM Converter stack-based overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Furnace",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "dev73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tildearrow"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "6.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/tildearrow/furnace/issues/325",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/issues/325"
                },
                {
                  "name": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
                },
                {
                  "name": "https://vuldb.com/?id.196371",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.196371"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-1211",
        "datePublished": "2022-04-03T12:10:11.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:42:19.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-4732 (GCVE-0-2026-4732)

    Vulnerability from cvelistv5 – Published: 2026-03-24 02:50 – Updated: 2026-03-24 18:28
    VLAI
    Title
    Out-of-bounds Read Overflow in tildearrow/furnace
    Summary
    Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow furnace Affected: 0 , < 0.7 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4732",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T18:28:05.626315Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T18:28:11.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/tildearrow/furnace",
              "defaultStatus": "affected",
              "modules": [
                "\u200eextern/libsndfile-modified/src"
              ],
              "product": "furnace",
              "programFiles": [
                "flac.c\u200e"
              ],
              "vendor": "tildearrow",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Read vulnerability in tildearrow furnace (\u200eextern/libsndfile-modified/src modules).\u003cp\u003e This vulnerability is associated with program files flac.C\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects furnace: before 0.7.\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Read vulnerability in tildearrow furnace (\u200eextern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C\u200e.\n\nThis issue affects furnace: before 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "PROOF_OF_CONCEPT",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T02:50:36.111Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/tildearrow/furnace/pull/2812"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read Overflow in tildearrow/furnace",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-4732",
        "datePublished": "2026-03-24T02:50:36.111Z",
        "dateReserved": "2026-03-24T02:50:04.359Z",
        "dateUpdated": "2026-03-24T18:28:11.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24800 (GCVE-0-2026-24800)

    Vulnerability from cvelistv5 – Published: 2026-01-27 08:33 – Updated: 2026-01-27 17:02
    VLAI
    Title
    A heap-based buffer over-read or buffer overflow in tildearrow/furnace
    Summary
    Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow furnace Affected: 0 , < 0.6.8.3 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-27T17:02:10.616812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-27T17:02:21.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/tildearrow/furnace",
              "defaultStatus": "unaffected",
              "modules": [
                "extern/zlib"
              ],
              "product": "furnace",
              "programFiles": [
                "inflate.c"
              ],
              "vendor": "tildearrow",
              "versions": [
                {
                  "lessThan": "0.6.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003einflate.C\u003c/tt\u003e.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Out-of-bounds Write, Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.C."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:L/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-27T08:33:16.882Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/tildearrow/furnace/pull/2471"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A heap-based buffer over-read or buffer overflow in tildearrow/furnace",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-24800",
        "datePublished": "2026-01-27T08:33:16.882Z",
        "dateReserved": "2026-01-27T08:18:43.268Z",
        "dateUpdated": "2026-01-27T17:02:21.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-1289 (GCVE-0-2022-1289)

    Vulnerability from cvelistv5 – Published: 2022-04-10 15:15 – Updated: 2025-04-15 14:41
    VLAI
    Title
    tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service
    Summary
    A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow Furnace Affected: n/a
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.630Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.196755"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1289",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:13:59.249714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:41:32.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Furnace",
              "vendor": "tildearrow",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-10T15:15:15.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.196755"
            }
          ],
          "title": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-1289",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Furnace",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tildearrow"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-404 Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
                },
                {
                  "name": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
                },
                {
                  "name": "https://vuldb.com/?id.196755",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.196755"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-1289",
        "datePublished": "2022-04-10T15:15:15.000Z",
        "dateReserved": "2022-04-10T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:41:32.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1211 (GCVE-0-2022-1211)

    Vulnerability from cvelistv5 – Published: 2022-04-03 12:10 – Updated: 2025-04-15 14:42
    VLAI
    Title
    tildearrow Furnace FUR to VGM Converter stack-based overflow
    Summary
    A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    tildearrow Furnace Affected: dev73
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/tildearrow/furnace/issues/325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.196371"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1211",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T17:14:02.991823Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-15T14:42:19.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Furnace",
              "vendor": "tildearrow",
              "versions": [
                {
                  "status": "affected",
                  "version": "dev73"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-03T12:10:11.000Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/tildearrow/furnace/issues/325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.196371"
            }
          ],
          "title": "tildearrow Furnace FUR to VGM Converter stack-based overflow",
          "x_generator": "vuldb.com",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@vuldb.com",
              "ID": "CVE-2022-1211",
              "REQUESTER": "cna@vuldb.com",
              "STATE": "PUBLIC",
              "TITLE": "tildearrow Furnace FUR to VGM Converter stack-based overflow"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Furnace",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "dev73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "tildearrow"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used."
                }
              ]
            },
            "generator": "vuldb.com",
            "impact": {
              "cvss": {
                "baseScore": "6.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121 Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/tildearrow/furnace/issues/325",
                  "refsource": "MISC",
                  "url": "https://github.com/tildearrow/furnace/issues/325"
                },
                {
                  "name": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing",
                  "refsource": "MISC",
                  "url": "https://drive.google.com/file/d/1h111beVcWG8F99jRffO7_HKYEhm7Qgvb/view?usp=sharing"
                },
                {
                  "name": "https://vuldb.com/?id.196371",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.196371"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2022-1211",
        "datePublished": "2022-04-03T12:10:11.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2025-04-15T14:42:19.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202204-0586

    Vulnerability from variot - Updated: 2024-11-23 23:03

    A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. tildearrow of furnace Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0586",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.3"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.5"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.3"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.2"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.2"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.1"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.2.1"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": null
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.5"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.5.2"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.6"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.5.3"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.2.2"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.4"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.5.4"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.5.1"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.4.7"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "0.3.1"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev65"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "0.6"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev77"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev67"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev75"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev66"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev6"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "0.5.7"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev7"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev10"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev80"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "0.5.5"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev79"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev8"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "0.5.6"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev9"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev68"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev78"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev73"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "0.5.8"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev63"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev69"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev64"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev70"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev72"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev5"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev71"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev76"
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tildearrow",
            "version": "dev62"
          },
          {
            "model": "furnace",
            "scope": null,
            "trust": 0.8,
            "vendor": "tildearrow",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "cve": "CVE-2022-1289",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-1289",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1289",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1289",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-1289",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-1289",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2022-1289",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-1289",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-2733",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-1289",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. tildearrow of furnace Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-1289",
            "trust": 3.3
          },
          {
            "db": "VULDB",
            "id": "196755",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1289",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "id": "VAR-202204-0586",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35
      },
      "last_update_date": "2024-11-23T23:03:53.561000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "tildearrow Furnace Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189054"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-1289 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-404",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"
          },
          {
            "trust": 2.5,
            "url": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"
          },
          {
            "trust": 2.5,
            "url": "https://vuldb.com/?id.196755"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1289"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-1289/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-1289"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "date": "2023-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "date": "2022-04-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "date": "2022-04-10T16:15:07.847000",
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1289"
          },
          {
            "date": "2023-07-24T08:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          },
          {
            "date": "2022-04-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          },
          {
            "date": "2024-11-21T06:40:25.290000",
            "db": "NVD",
            "id": "CVE-2022-1289"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "tildearrow\u00a0 of \u00a0furnace\u00a0 Vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-008157"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-2733"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202204-0791

    Vulnerability from variot - Updated: 2024-11-23 22:40

    A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. tildearrow of furnace Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. The tildearrow Furnace is a multi-SoC tuning tracker compatible with the DefleMask module. The vulnerability stems from the incorrect processing of input error messages. Remote attackers can exploit this vulnerability to cause stack-based overflow and crash

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0791",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "tildearrow",
            "version": "dev73"
          },
          {
            "model": "furnace",
            "scope": null,
            "trust": 0.8,
            "vendor": "tildearrow",
            "version": null
          },
          {
            "model": "furnace",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tildearrow",
            "version": null
          },
          {
            "model": "furnace tildearrow furnace dev73",
            "scope": null,
            "trust": 0.6,
            "vendor": "tildearrow",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "cve": "CVE-2022-1211",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-1211",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-81365",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1211",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-1211",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-1211",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-1211",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2022-1211",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-1211",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-81365",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202204-1861",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-1211",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used. tildearrow of furnace Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. The tildearrow Furnace is a multi-SoC tuning tracker compatible with the DefleMask module. The vulnerability stems from the incorrect processing of input error messages. Remote attackers can exploit this vulnerability to cause stack-based overflow and crash",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-1211",
            "trust": 3.9
          },
          {
            "db": "VULDB",
            "id": "196371",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "id": "VAR-202204-0791",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          }
        ],
        "trust": 0.95
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:40:30.355000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2022-1289 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://drive.google.com/file/d/1h111bevcwg8f99jrffo7_hkyehm7qgvb/view?usp=sharing"
          },
          {
            "trust": 2.5,
            "url": "https://vuldb.com/?id.196371"
          },
          {
            "trust": 2.5,
            "url": "https://github.com/tildearrow/furnace/issues/325"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1211"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-1211/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2022-1289"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "date": "2022-04-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "date": "2023-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "date": "2022-04-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "date": "2022-04-03T12:15:09.133000",
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-11-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-81365"
          },
          {
            "date": "2022-04-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-1211"
          },
          {
            "date": "2023-07-20T08:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          },
          {
            "date": "2022-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          },
          {
            "date": "2024-11-21T06:40:15.883000",
            "db": "NVD",
            "id": "CVE-2022-1211"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "tildearrow\u00a0 of \u00a0furnace\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007814"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202204-1861"
          }
        ],
        "trust": 0.6
      }
    }