CVE-2022-4399

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.

References

Affected packages

Git / github.com/ticklishhoneybee/nodau

Affected ranges

Type: GIT
Repo: https://github.com/ticklishhoneybee/nodau
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7a7d737a3929f335b9717ddbd31db91151b69ad2

Affected versions

v0.*

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "src/edit.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2022-4399-085752ac",
        "digest": {
            "line_hashes": [
                "303983630242556410311672699158956633467",
                "71499854133615171770895906052409212869",
                "92604545006411061145820306845868935123",
                "270420472280771672584607465768667532754"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ticklishhoneybee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2",
        "deprecated": false
    },
    {
        "target": {
            "file": "src/db.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2022-4399-6db549e5",
        "digest": {
            "line_hashes": [
                "220077255670172517469659362740396878108",
                "32152425791934044834379851842228186781",
                "238015134087219505584587765945293165424",
                "8265645216601249147815872756681571887",
                "101174584379961206002306045164503461894",
                "334372379568649365900827020725360290582",
                "155161866965538311290721953814571064468",
                "286144686912161310496978550447016805394",
                "55695778189050286310257037177799672681",
                "131298456139013868821065262633935501996",
                "167151049315703213690770821808353661190",
                "336189486306234553157239543324679914406",
                "324658004757048485276837914621620078059"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ticklishhoneybee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2",
        "deprecated": false
    },
    {
        "target": {
            "file": "src/db.c",
            "function": "db_update"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-4399-d65800d4",
        "digest": {
            "length": 540.0,
            "function_hash": "262014694912892732859119665972027525242"
        },
        "source": "https://github.com/ticklishhoneybee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2",
        "deprecated": false
    },
    {
        "target": {
            "file": "src/edit.c",
            "function": "edit_ext"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-4399-fd048ae2",
        "digest": {
            "length": 1254.0,
            "function_hash": "167158113131622619940783978181612783006"
        },
        "source": "https://github.com/ticklishhoneybee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2",
        "deprecated": false
    }
]