CVE-2022-48174
CVE Details
Visit the official vulnerability details page for CVE-2022-48174 to learn more.
Initial Publication
01/20/2025
Last Update
02/21/2025
Third Party Dependency
busybox
NIST CVE Summary
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVE Severity
Our Official Summary
This vulnerability affects the ash component of Busybox software up to version 1.34. This stack overflow vulnerability can lead to arbitrary code execution, particularly in the environment of Internet of Vehicles.
The risk for our products is low for the following reasons: a) There are no known reports of exploitation from the 3rd party vendors. b) These images are not accessible directly for an attacker to send crafted input.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.7 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.6.6 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.5.21 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
| 4.5.20 | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
| 02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
| 02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
| 02/13/2025 | Status changed from Open to Ongoing |
| 02/13/2025 | Official summary added |
| 02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |