CVE-2022-29694

moderate-risk
Published 2022-06-02

Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.

Do I need to act?

-
0.76% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (8)

Unicorn Engine
Unicorn Engine
Unicorn Engine
Unicorn Engine
Unicorn Engine
Unicorn Engine
Unicorn Engine
Unicorn Engine

Affected Vendors

Unicorn-Engine

References (10)

Patch https://github.com/unicorn-engine/unicorn/commit/3d3deac5e6d38602b689c4fef5dac00...
Exploit https://github.com/unicorn-engine/unicorn/issues/1588
Patch https://github.com/unicorn-engine/unicorn/pull/1593/commits/31389e59457f304be380...
Patch https://github.com/unicorn-engine/unicorn/pull/1593/commits/6a879a082d4d67a5d13f...
Exploit https://violentbinary.github.io/posts/2-simple-analysis-of-software-virtualizati...
Patch https://github.com/unicorn-engine/unicorn/commit/3d3deac5e6d38602b689c4fef5dac00...
Exploit https://github.com/unicorn-engine/unicorn/issues/1588
Patch https://github.com/unicorn-engine/unicorn/pull/1593/commits/31389e59457f304be380...
Patch https://github.com/unicorn-engine/unicorn/pull/1593/commits/6a879a082d4d67a5d13f...
Exploit https://violentbinary.github.io/posts/2-simple-analysis-of-software-virtualizati...
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 14/34 · Moderate