Out-of-Bounds The advisory has been revoked - it doesn't affect any version of package advancecomp (opens in a new tab)

Threat Intelligence

0.18% (56^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-CENTOS7-ADVANCECOMP-3025543
published16 Sept 2022
disclosed29 Aug 2022

Report a new vulnerability Found a mistake?

Introduced: 29 Aug 2022

CVE-2022-35018 (opens in a new tab) CWE-119 (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream advancecomp package and not the advancecomp package as distributed by Centos.

Advancecomp v2.3 was discovered to contain a segmentation fault.

References

https://access.redhat.com/security/cve/CVE-2022-35018
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/
https://drive.google.com/file/d/1ChqmPdrjId87582a-o5ogWyEI8goRVWJ/view?usp=sharing
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE/