CVE-2022-28285

Public on 2022-04-25

Modified on 2022-04-25

Description

The Mozilla Foundation Security Advisory describes this flaw as:

When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	thunderbird	2022-04-25 23:45	ALAS2-2022-1789

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Red Hat: CVE-2022-28285 Mitre: CVE-2022-28285 FAQs regarding Amazon Linux ALAS/CVE Severity