CVE-2022-31246
- Source
- https://cve.org/CVERecord?id=CVE-2022-31246
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31246.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-31246
- Related
- Published
- 2022-06-17T14:15:08.127Z
- Modified
- 2026-02-13T08:48:34.436952Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename.
- References
Affected packages
Git / github.com/spesmilo/electrum
Affected ranges
- Type
- GIT
- Repo
- https://github.com/spesmilo/electrum
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.56
0.57
0.57a
0.57b
0.57c
0.58
0.59
0.59a
0.59b
0.60
0.61-r1
0.61b
1.*
1.1
1.2
1.3
1.5
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.6.0
1.6.1
1.6.2
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7rc0
1.8
1.8.1
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
2.*
2.0
2.0-beta
2.0.1
2.0.2
2.0.3
2.0.4
2.0b2
2.0b3
2.1
2.1.1
2.2
2.3
2.3.1
2.3.2
2.3.3
2.4
2.4.1
2.4.2
2.4.3
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.6
2.6.1
2.6.2
2.6.3
2.6.4
2.7.0
2.7.1
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.8.0
2.8.1
2.8.2
2.9.0
2.9.1
2.9.2
2.9.3
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.1.2
3.1.3
3.2.0
3.2.1
3.2.2
3.2.3
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
4.*
4.0.0b0
4.0.0b1
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.2.0
4.2.1
Other
password_v2
seed_v10
seed_v5
seed_v7
seed_v8
seed_v9