CVE-2022-31135

Maliciously crafted evidence packet may cause denial of service

CVSS 6.5 MEDIUMEPSS 0.8%CWE-129

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.8%KEV nãoPoC —Patch —

Lifecycle

07 Jul 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

AttorneyOnline · akashi

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/AttorneyOnline/akashi/commit/5566cdfedddef1f219aee33477d9c9690bf2f78b https://github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v