CVE-2022-31135

Maliciously crafted evidence packet may cause denial of service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.

Akashi es una implementación de servidor de código abierto del videojuego Attorney Online basado en el universo de Ace Attorney. Las versiones afectadas de Akashi están sujetas a un ataque de denegación de servicio. Un atacante puede usar un paquete de pruebas especialmente diseñado para realizar una modificación ilegal, causando un bloqueo del servidor. Esto puede ser usado para montar una explotación de denegación de servicio. Es recomendado a usuarios actualizar. No es conocida ninguna mitigación para este problema

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-18 CVE Reserved
2022-07-07 CVE Published
2024-01-28 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-129: Improper Validation of Array Index

CAPEC

References (2)

URL	Tag	Source
https://github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/AttorneyOnline/akashi/commit/5566cdfedddef1f219aee33477d9c9690bf2f78b	2022-07-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Aceattorneyonline Search vendor "Aceattorneyonline"		Akashi Search vendor "Aceattorneyonline" for product "Akashi"				< 1.4 Search vendor "Aceattorneyonline" for product "Akashi" and version " < 1.4"		-		Affected