CVE-2022-4880 MEDIUM

CVE-2022-4880: stakira OpenUtau ZIP Archive VoicebankInstaller.cs VoicebankInstaller path traversal

Vendor Stakira

Product OpenUtau

Weakness CWE-22 · Path traversal

Published January 7, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability.

Key dates

02Disclosure timeline

January 7, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4880 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html

Related vulnerabilities

CVE-2022-4880: stakira OpenUtau ZIP Archive VoicebankInstaller.cs VoicebankInstaller path traversal

01Description

02Disclosure timeline

03References

04Related CVE