CVE-2022-23603 in Itunesrpc Remasteredproject and Apple Products
Published on February 1, 2022

Code injection in iTunesRPC-Remastered

iTunesRPC-Remastered is a Discord Rich Presence application for use with iTunes & Apple Music. In code before commit 24f43aa, user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

NVD

Vulnerability Analysis

CVE-2022-23603 can be exploited with network access and requires neither privileges nor user interaction. Its attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality and a low impact on integrity and availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

Weakness Type

What is an Output Sanitization Vulnerability?

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CVE-2022-23603 has been classified as an Output Sanitization vulnerability or weakness.


Exploit Probability

EPSS: 0.37%
Percentile: 58.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.