CVE-2022-1289

moderate-risk
Published 2022-04-10

A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.

Do I need to act?

-
0.31% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace
Furnace

Affected Vendors

Tildearrow

References (6)

Patch https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3...
Exploit https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655
Third Party Advisory https://vuldb.com/?id.196755
Patch https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3...
Exploit https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655
Third Party Advisory https://vuldb.com/?id.196755
45
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 26/34 · High