CVE-2022-1289

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1289

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1289.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-1289

Published

2022-04-10T16:15:07.847Z

Modified

2025-11-14T12:46:11.552225Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.

References

Affected packages

Git / github.com/tildearrow/furnace

Affected ranges

Type: GIT
Repo: https://github.com/tildearrow/furnace
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0eb02422d5161767e9983bdaa5c429762d3477ce

Affected versions

Other

dev10

dev5

dev6

dev62

dev63

dev64

dev65

dev66

dev67

dev68

dev69

dev7

dev70

dev71

dev72

dev73

dev75

dev76

dev77

dev78

dev79

dev8

dev80

dev9

v0.*

v0.2

v0.2.1

v0.2.2

v0.3

v0.3.1

v0.4

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.5-real

v0.4.6

v0.5

v0.5.1

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.7pre4

v0.6pre0

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "src/gui/pattern.cpp"
        },
        "id": "CVE-2022-1289-1ce81ad5",
        "source": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335054832721819695341258929487485254091",
                "188167164482528443823020661433853272003",
                "275695170689737141780568725748329210444",
                "229775994306794305861732485281585947710",
                "205542306335405924399593836027670631170",
                "5527374082439882929407294290345732572",
                "14205804872781347412031128190549890686",
                "224527381082166424050347205262292829280",
                "299615791772188005475367469667676677627",
                "35291682120878028074562167328046806675",
                "229305566675741677860294076858399250525",
                "191678615460417363471654598511070760145",
                "94755691338511321975974293456769700443",
                "338229083817740201723464914651087997401",
                "231427078726831481721968362667948769222",
                "180429986184618552289062435907467840408",
                "178998884727283178971979818122113358261",
                "176855138969740191773339550628523287765",
                "292788389037357391129479104853790042689",
                "145057607930188924730787717210684651415",
                "12026866681922850118580940562993504400",
                "138193661692865688140163686713591072773",
                "247988030675059336927251877141400701104",
                "202937378793698949818660023902147530893"
            ]
        },
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "FurnaceGUI::patternRow",
            "file": "src/gui/pattern.cpp"
        },
        "id": "CVE-2022-1289-b057369c",
        "source": "https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce",
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 12437.0,
            "function_hash": "209561055361738806669877998052791832808"
        },
        "signature_version": "v1"
    }
]