Dell PowerScale OneFS heapbased buf overflow (v8.2.x9.3.x)
CVE-2022-34454 Published on February 10, 2023
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
Vulnerability Analysis
CVE-2022-34454 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2022-34454
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-34454 are published in Dell Emc Powerscale Onefs:
Affected Versions
Dell PowerScale OneFS:- Before and including 9.1.0.0 through 9.1.0.20, 9.2.1.0 through 9.2.1.13, 9.3.0.0 through 9.3.0.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.