Vulnerability Details CVE-2022-34295
totd before 1.5.3 does not properly randomize mesg IDs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf
- https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
- https://github.com/fwdillema/totd/releases/tag/1.5.3
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
- http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf
- https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399
- https://github.com/fwdillema/totd/releases/tag/1.5.3
- https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner
Products affected by CVE-2022-34295
-
cpe:2.3:a:totd_project:totd:1.5.2