CVE-2022-48620

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48620
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48620.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48620
Downstream
Related
Published
2024-01-12T04:15:08Z
Modified
2025-10-15T14:17:19.073609Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

References

Affected packages

Git / github.com/troglobit/libuev

Affected ranges

Type
GIT
Repo
https://github.com/troglobit/libuev
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9

Affected versions

v0.*

v0.0.1

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.6.0

v2.*

v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "121254811648661372486891821819109896012",
                "116811963016505797736341674148129241576",
                "693435030131616152306440975411092265",
                "270531291914526335839276357464672481739",
                "283277182222216874731444177415438200423",
                "289138113754847921072260732847534257247",
                "273758224626026827844536480308326984820",
                "214400355621013792513719593153404214036",
                "53016471749846596605583326754170321081",
                "221668427243873438634925308931889595058",
                "114342932049294348890136278394688059997",
                "35389823256596489180858281255063336547",
                "54625061085718799153795942356189859801",
                "253715640974154177785894183197044912805",
                "231614680540564831755141522782212107423"
            ]
        },
        "target": {
            "file": "src/uev.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9",
        "signature_version": "v1",
        "id": "CVE-2022-48620-36077d62"
    },
    {
        "digest": {
            "length": 2466.0,
            "function_hash": "156934708487267136921027254211872722081"
        },
        "target": {
            "function": "uev_run",
            "file": "src/uev.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9",
        "signature_version": "v1",
        "id": "CVE-2022-48620-c22ae47b"
    },
    {
        "digest": {
            "length": 215.0,
            "function_hash": "51038825712362628829118378891345158476"
        },
        "target": {
            "function": "uev_init1",
            "file": "src/uev.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9",
        "signature_version": "v1",
        "id": "CVE-2022-48620-e62cf3c0"
    }
]