CVE-2022-1543

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-1543

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1543.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1543

Published

2022-04-29T18:10:09Z

Modified

2026-03-02T02:52:59.785945Z

Severity

9.3 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H CVSS Calculator

Summary

Improper handling of Length parameter in erudika/scoold

Details

Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

Database specific

{
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-130"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1543.json"
}

References

Affected packages

Git / github.com/erudika/scoold

Affected ranges

Type: GIT
Repo: https://github.com/erudika/scoold
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62a0e92e1486ddc17676a7ead2c07ff653d167ce

Affected versions

1.*

1.24.1

1.24.10

1.24.11

1.24.2

1.24.3

1.24.4

1.24.5

1.24.6

1.24.7

1.24.8

1.24.9

1.25.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.26.0

1.26.1

1.28.0

1.28.1

1.28.10

1.28.2

1.28.3

1.28.4

1.28.5

1.28.6

1.28.7

1.28.8

1.28.9

1.29.0

1.29.1

1.29.2

1.29.3

1.29.4

1.30.0

1.30.1

1.30.2

1.30.3

1.30.4

1.30.5

1.31.0

1.31.1

1.31.2

1.31.3

1.31.4

1.32.0

1.32.1

1.33.0

1.33.1

1.34.0

1.35.0

1.35.1

1.35.2

1.35.3

1.36.0

1.36.1

1.36.2

1.37.0

1.37.1

1.38.0

1.39.0

1.39.1

1.39.2

1.39.3

1.39.4

1.40.0

1.40.1

1.40.2

1.40.3

1.40.4

1.40.5

1.41.0

1.41.1

1.41.2

1.42.1

1.43.0

1.43.1

1.43.2

1.43.3

1.44.0

1.45.0

1.46.0

1.46.1

1.46.2

1.46.3

1.46.4

1.46.5

1.47.0

1.47.1

1.47.2

1.48.0

1.48.1

1.48.2

1.49.0

1.49.1

1.49.2

1.49.3

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 622.0,
            "function_hash": "265660216317285609534752659757617058514"
        },
        "source": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce",
        "deprecated": false,
        "id": "CVE-2022-1543-571cbfd3",
        "signature_type": "Function",
        "target": {
            "function": "updateUserPictureAndName",
            "file": "src/main/java/com/erudika/scoold/controllers/ProfileController.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211629977491170619049913659508292615476",
                "211634383808851780241374717764239497067",
                "70968352504130803726974135255670138742",
                "67890799766719797059182751872168374139"
            ]
        },
        "source": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce",
        "deprecated": false,
        "id": "CVE-2022-1543-7ed14a1c",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/erudika/scoold/controllers/ProfileController.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 619.0,
            "function_hash": "252112291235173890737571049669118148592"
        },
        "source": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce",
        "deprecated": false,
        "id": "CVE-2022-1543-cbb6f020",
        "signature_type": "Function",
        "target": {
            "function": "updateProfilePictureAndName",
            "file": "src/main/java/com/erudika/scoold/utils/ScooldUtils.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "114655733348253043509686436875016073465",
                "321101153080300775535344413051179694896",
                "287180865918966036129481927995005396904",
                "261645096287423575722412681268790409521"
            ]
        },
        "source": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce",
        "deprecated": false,
        "id": "CVE-2022-1543-d128eb09",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/erudika/scoold/utils/ScooldUtils.java"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "339690704184666715930920932127198628117",
                "112533359272343193184409164038332253042",
                "158404882985283570244258977911168951270",
                "40350836642989822946880062270326706170"
            ]
        },
        "source": "https://github.com/erudika/scoold/commit/62a0e92e1486ddc17676a7ead2c07ff653d167ce",
        "deprecated": false,
        "id": "CVE-2022-1543-dc3b41a2",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/erudika/scoold/core/Profile.java"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1543.json"