CVE-2022-48554: Buffer Overflow
Published Aug 22, 2023
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit
CVE-2022-48554, m4yfly with TianGong Team (Legendsec at Qi'anxin Group), Guilherme Rambo (Best Buddy Apps), an anonymous researcher, Csaba Fitzl (@theevilbit) (OffSec), CVE-2024-23205, Joshua Jewett (@JoshJewett33), Mickey Jin (@patch1t), Junsung Lee (Trend Micro Zero Day Initiative), Zhenjiang Zhao (pangu team), Qianxin (CrowdStrike Counter Adversary Operations), (CrowdStrike Counter Adversary Operations), Amir Bazine (CrowdStrike Counter Adversary Operations), Karsten König (CrowdStrike Counter Adversary Operations), Dohyun Lee (@l33d0hyun), Lyutoon, Mr.R, Murray Mike, Pedro Tôrres (@t0rr3sp3dr0), CVE-2024-23235, Xinru Chi (Pangu Lab), CVE-2024-23225, koocola, ali yabuz, Kirin (@Pwnrin), Meysam Firouzi (@R00tkitsmm) (Trend Micro Zero Day Initiative), @08Tc3wBB (Jamf), CVE-2024-23283, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, Bohdan Stasiuk (@Bohdan_Stasiuk), Harsh Tyagi, Wojciech Regula (SecuRing), CVE-2024-23296, Lyra Rebane (rebane2001), Matej Rabzelj, CVE-2024-23238, Yiğit Can YILMAZ (@yilmazcanyigit), luckyu (@uuulucky), K宝 (Fudan University), LFY (@secsys) (Fudan University), Lewis Hardy, Bistrit Dahal, CVE-2024-23241, CVE-2024-23242, Matthew Loewen, Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik, anbu1024 (SecANT), Pwn2car, James Lee (@Windowsrcer), Johan Carlsson (joaxcar), Georg Felber, Marco Squarcina, Marc Newlin (SkySafe), Brian McNulty, Stephan Casas, CVE-2024-23291, scj643, CVE-2024-23220, Om Kothawade, Cristian Dinca (Computer Science), Romania
Affected Software
14 affected components, fixes available
ubuntu/file: affected < 1:5.44-1; fixed in 1:5.44-1
ubuntu/file: affected < 1:5.41-3ubuntu0.1; fixed in 1:5.41-3ubuntu0.1
debian/file: fixed in 1:5.35-4+deb10u2, 1:5.35-4+deb10u1, 1:5.39-3+deb11u1, 1:5.44-3, 1:5.45-2
redhat/file: affected < 5.42; fixed in 5.42
IBM Cognos Analytics: affected <= 12.0.0-12.0.3
IBM Cognos Analytics: affected <= 11.2.0-11.2.4 FP4
Apple macOS Sonoma: affected < 14.4; fixed in 14.4
File Project File: affected < 5.43
Apple tvOS: affected < 17.4; fixed in 17.4
Apple watchOS: affected < 10.4; fixed in 10.4
File Project File: affected = 5.41
Debian Debian Linux: affected = 11.0
Apple iOS: affected < 17.4; fixed in 17.4
Apple iPadOS: affected < 17.4; fixed in 17.4
Event History
Aug 22, 2023: CVE Published via MITRE, 12:00 AM
Aug 22, 2023: Data Sourced via MITRE, 12:00 AM (fields: Description)
Jan 12, 2024: Data Sourced via Launchpad, 12:13 AM (fields: Description)
Mar 5, 2024: Data Sourced via Apple, 12:00 AM (fields: Description, Weakness, Affected Software)
Mar 5, 2024: Updated via Apple, 12:00 AM (fields: Description, Weakness)
Mar 5, 2024: Updated via Apple, 12:00 AM (fields: Weakness)
Frequently Asked Questions
1. What is CVE-2022-48554?
CVE-2022-48554 is a stack-based buffer over-read vulnerability in the file_copystr function in funcs.c in the File project.
2. What is the severity of CVE-2022-48554?
The severity of CVE-2022-48554 is medium, with a severity value of 5.5.
3. Which software versions are affected by CVE-2022-48554?
File project versions before 5.43 (5.43 itself is not affected), as well as specific versions of the file package in Debian and Ubuntu, are affected.
4. How can I fix CVE-2022-48554 in the File project?
To fix CVE-2022-48554 in the File project, upgrade to version 5.43 or later.
5. How can I fix CVE-2022-48554 in Debian and Ubuntu?
For Debian, update the file package to version 1:5.44-3 or later. For Ubuntu, update the file package to version 1:5.44-1 or later.