Search for vulnerabilities
Vulnerability details: VCID-qccg-re6f-aaaf
Vulnerability ID VCID-qccg-re6f-aaaf
Aliases CVE-2022-29536
Summary In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00775 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00818 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00818 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00818 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00818 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00818 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00882 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00969 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
archlinux High https://security.archlinux.org/AVG-2684
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29536
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7YWVIUGFRA6GOE3QAPSJJ6EL3DJG5NX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5K5UPNHVWXDPSMBNSB2645MD2N5CXQS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7YWVIUGFRA6GOE3QAPSJJ6EL3DJG5NX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5K5UPNHVWXDPSMBNSB2645MD2N5CXQS/
https://www.debian.org/security/2022/dsa-5208
1009959 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009959
AVG-2684 https://security.archlinux.org/AVG-2684
cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-29536 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
GLSA-202405-27 https://security.gentoo.org/glsa/202405-27
USN-5561-1 https://usn.ubuntu.com/5561-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15768
EPSS Score 0.0006
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.