CVE-2022-3349

Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow

  • Severity Score: 6.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-209679.

*Credits: Andy Nguyen
CVSS Scores
  • Attack Vector: Physical
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-09-28 CVE Reserved
  • 2022-09-28 CVE Published
  • 2024-04-20 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Date SRC
https://hackerone.com/reports/1340942 2024-08-03
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Sony | Playstation 4 Firmware | -- | | Affected
in Sony | Playstation 4 | -- | | Safe
Sony | Playstation 5 Firmware | -- | | Affected
in Sony | Playstation 5 | -- | | Safe