CVE-2022-47943 - log back

CVE-2022-47943 created at 27 Feb 2023 23:08:28
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in
+ fs/ksmbd/smb2misc.c can allow a remote authenticated attacker to disclose sensitive information
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
+ https://kernel.dance/#CVE-2022-47943
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1691/
Notes