CVEDB API

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.7%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2022-40320

Libconfuse Project » Libconfuse » Version: 3.3

cpe:2.3:a:libconfuse_project:libconfuse:3.3
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35
Fedoraproject » Fedora » Version: 36

cpe:2.3:o:fedoraproject:fedora:36
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37