CVE-2022-43702

CVE-2022-43702: Incomplete verification of installation file signature

Vendor Arm Ltd

Product Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MD

Weakness CWE-284

Published July 27, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Key dates

02Disclosure timeline

July 27, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-43702 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2022-43702

CWE CWE-284

Affected versions

Vendor Arm Ltd

Affected AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior

CVE-2022-43702: Incomplete verification of installation file signature

01Description

02Disclosure timeline

03References

04Related CVE