CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47525
https://notcve.org/view.php?id=CVE-2022-47525
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction. • https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode https://www.fox-it.com/nl-en/software-vulnerability-report • CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47526
https://notcve.org/view.php?id=CVE-2022-47526
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. • https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode https://www.fox-it.com/nl-en/software-vulnerability-report • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •