Upstream information
Description
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
CNA (VulDB) | |
---|---|
Base Score | 1.7 |
Vector | AV:L/AC:L/Au:S/C:N/I:N/A:P |
Access Vector | Local |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
CNA (VulDB) | SUSE | |
---|---|---|
Base Score | 3.3 | 3.3 |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Attack Vector | Local | Local |
Attack Complexity | Low | Low |
Privileges Required | Low | Low |
User Interaction | None | None |
Scope | Unchanged | Unchanged |
Confidentiality Impact | None | None |
Integrity Impact | None | None |
Availability Impact | Low | Low |
CVSSv3 Version | 3.1 | 3.1 |
CNA (VulDB) | SUSE | |
---|---|---|
Base Score | 1.9 | 1.9 |
Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Attack Vector | Local | Local |
Attack Complexity | Low | Low |
Attack Requirements | None | None |
Privileges Required | Low | Low |
User Interaction | None | None |
Vulnerable System Confidentiality Impact | None | None |
Vulnerable System Integrity Impact | None | None |
Vulnerable System Availability Impact | Low | Low |
Subsequent System Confidentiality Impact | None | None |
Subsequent System Integrity Impact | None | None |
Subsequent System Availability Impact | None | None |
CVSSv4 Version | 4.0 | 4.0 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15322 |
SUSE Timeline for this CVE
CVE page created: Sat Jun 21 04:00:22 2025CVE page last modified: Tue Jul 15 18:23:56 2025