CVE-2022-1341

7.5 HIGH

📋 TL;DR

CVE-2022-1341 is a NULL pointer dereference vulnerability in bwm-ng v0.6.2 that allows attackers to cause a denial of service or potentially execute arbitrary code by triggering a null write in the get_cmdln_options() function. This affects systems running the vulnerable version of bwm-ng, a bandwidth monitoring tool commonly used on Linux/Unix systems.

💻 Affected Systems

Products:
  • bwm-ng
Versions: Version 0.6.2 specifically
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects bwm-ng version 0.6.2. Earlier versions may be unaffected, and later versions contain the fix.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if combined with other vulnerabilities, or denial of service causing system crashes.

🟠 Likely Case

Application crash leading to denial of service for the bwm-ng monitoring functionality.

🟢 If Mitigated

Limited impact with proper privilege separation and minimal user access to the application.

🌐 Internet-Facing: LOW - bwm-ng is typically not exposed to the internet and runs locally for system monitoring.
🏢 Internal Only: MEDIUM - Could be exploited by local users or through other compromised services to disrupt monitoring capabilities.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to influence command-line arguments passed to bwm-ng.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17

Vendor Advisory: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17

Restart Required: Yes

Instructions:

1. Update bwm-ng to latest version from official repository.
2. Recompile from source if using source distribution.
3. Restart any running bwm-ng processes.

🔧 Temporary Workarounds

Remove vulnerable version

linux

Uninstall bwm-ng v0.6.2 and use alternative monitoring tools

sudo apt remove bwm-ng    # Debian/Ubuntu
sudo yum remove bwm-ng    # RHEL/CentOS

Restrict execution permissions

linux

Limit who can execute bwm-ng to reduce attack surface

sudo chmod 750 /usr/bin/bwm-ng
sudo chown root:root /usr/bin/bwm-ng

🧯 If You Can't Patch

  • Disable or remove bwm-ng from affected systems
  • Implement strict access controls to limit who can execute bwm-ng

🔍 How to Verify

Check if Vulnerable:

Check bwm-ng version with: bwm-ng --version | grep -F '0.6.2'

Check Version:

bwm-ng --version

Verify Fix Applied:

Verify version is not 0.6.2: bwm-ng --version

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in system logs related to bwm-ng
  • Unexpected termination of bwm-ng process

Network Indicators:

  • No network indicators as this is a local vulnerability

SIEM Query:

process.name:"bwm-ng" AND (event.action:"segmentation_fault" OR process.terminated)
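
The version check and the segmentation-fault log indicator above, as an added shell example that is not part of the original advisory. Function names, the version strings and the log lines are constructed; the log pattern assumes the x86 Linux kernel segfault message format, where error code 6 marks a user-mode write to an unmapped page, and counts fault addresses below 0x1000 as NULL-based.

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.

# Succeeds only if the first dotted version in the `bwm-ng --version`
# output is exactly 0.6.2 (so 0.6.20 or 0.6.3 do not match).
is_affected_version() {
    ver=$(printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1)
    [ "$ver" = "0.6.2" ]
}

# Reads kernel log lines on stdin and prints how many record bwm-ng taking
# a user-mode write fault (x86 error code 6) at an address below 0x1000,
# which is how a NULL write shows up in dmesg or the journal.
count_null_write_faults() {
    awk '
    {
        for (i = 1; i + 3 <= NF; i++) {
            if ($i !~ /^bwm-ng\[[0-9]+\]:$/) continue
            if ($(i + 1) != "segfault" || $(i + 2) != "at") continue
            addr = $(i + 3); code = ""
            for (j = i + 4; j < NF; j++)
                if ($j == "error") code = $(j + 1)
            # %lx prints no leading zeros: at most 3 hex digits is < 0x1000
            if (addr ~ /^[0-9a-f]+$/ && length(addr) <= 3 && code == "6") n++
        }
    }
    END { print n + 0 }'
}

# Constructed sample: a NULL write in bwm-ng, an unrelated read fault in
# bwm-ng, and a NULL write in a different process.
SAMPLE_LOG='May  3 10:12:01 host1 kernel: [81234.101112] bwm-ng[2311]: segfault at 0 ip 000055d0c8a1b2f3 sp 00007ffd3c1e4a10 error 6 in bwm-ng[55d0c8a19000+b000]
May  3 10:14:40 host1 kernel: [81393.220001] bwm-ng[2390]: segfault at 7f1200000010 ip 000055d0c8a1c001 sp 00007ffd3c1e4b20 error 4 in bwm-ng[55d0c8a19000+b000]
May  3 10:15:02 host1 kernel: [81415.000123] nginx[977]: segfault at 0 ip 00005581aa10f2d0 sp 00007ffe11aa0c40 error 6 in nginx[5581aa0e0000+9f000]'

if is_affected_version 'Bandwidth Monitor NG (bwm-ng) v0.6.2'; then
    echo 'version check: affected (0.6.2)'
fi
printf 'NULL-write faults in sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_null_write_faults)"
```

On a live host, pipe `dmesg` or `journalctl -k` output into count_null_write_faults in place of the sample.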
