CVE-2022-35041 The commit 617837b in OTFCC was found to have a heap buffer overflow.

An attacker could leverage this vulnerability to execute code in the context of the web server via a specially crafted request.

CVE-2018-10276 otfccdump 9.1.x before 9.1.2 and otfccmd 9.1.x before 9.1.2 allow remote attackers to cause a denial of service (CPU consumption) via a large amount of data in the header of a request, as demonstrated by the header of an HTTP request to otfccdump.

CVE-2018-10446 otfccdump 9.1.x before 9.1.2 and otfccmd 9.1.x before 9.1.2 allow remote attackers to cause a denial of service (CPU consumption) via a large amount of data in the header of a request, as demonstrated by the header of an HTTP request to otfccdump.

CVE-2018-10465 otfccdump 9.1.x before 9.1.2 and otfccmd 9.1.x before 9.1.2 allow remote attackers to cause a denial of service (CPU consumption) via a large amount of data in the header of a request, as demonstrated by the header of an HTTP request to otfccdump.

CVE-2018-10484 otfccdump 9.1.x before 9.1.2 and otfccmd 9.1.x before 9.1.

Coverage

Suffice it to say, the vulnerability is a potential risk to any system that processes HTTP requests.

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:09:00 UTC

References

• https://drive.google.com/file/d/1pzPVwMvEu-qvuyw6Mbu42zuKoaq6cp-6/view?usp=sharing
• https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35041.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35041