An attacker can send an HTTP request with a maliciously crafted chunk file. The server will read the file and return a response. If the server receives a chunk file that it does not understand, it will respond with an error code. Information disclosure occurs as the server will return the contents of the chunk file. This is not a critical issue as AVideo 11.6 and dev master are secure. However, it is a significant issue as it can lead to the disclosure of sensitive information such as credit card numbers or passwords.

Vulnerability Summary

A remote code execution vulnerability was found in AVideo 11.6 and dev master. An attacker can send an HTTP request with a maliciously crafted chunk file. The server will read the file and return a response. If the server receives a chunk file that it does not understand, it will respond with an error code. Information disclosure occurs as the server will return the contents of the chunk file. This is not a critical issue as AVideo 11.6 and dev master are secure; however, it is a significant issue as it can lead to the disclosure of sensitive information such as credit card numbers or passwords.

Summary

CVE-2022-28710 is a vulnerability in AVideo 11.6 and dev master that can lead to the disclosure of sensitive information such as credit card numbers or passwords.

Vulnerable versions of AVideo

AVideo 11.6 and dev master are vulnerable to this issue.

Timeline

Published on: 08/22/2022 19:15:00 UTC
Last modified on: 08/24/2022 12:36:00 UTC
