
CVE-2022-43343

Severity: High · Public PoC available

Published: 08 November 2022

Modified: 01 May 2025
KEV Added: not listed
Patch: none listed
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0408 (88.8th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-43343 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in N-Prolog, from the N-Prolog Project. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 11.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

N-Prolog version 1.91 contains a global buffer overflow in the gettoken function in Main.c, classified under CWE-120. The flaw received a CVSS 3.1 score of 7.5, reflecting a network attack vector, low attack complexity, and no requirement for authentication or user interaction; the primary impact is on availability (high), while confidentiality and integrity are unaffected.

An unauthenticated remote attacker can supply crafted input over the network to trigger the overflow, causing a crash or denial-of-service condition in the affected N-Prolog instance. The provided references point to the upstream GitHub issue tracker; the available information contains no explicit mitigation guidance or patch details.

EPSS scores for the CVE reached a peak of 0.0514 before receding to the current value of 0.0408, indicating limited but observable exploitation interest after disclosure. No reports of in-the-wild exploitation or additional context such as AI/ML involvement are present in the supplied data.


Vulnerability details

N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.

CWE(s)

CWE-120: Classic Buffer Overflow

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: n-prolog project
Product: n-prolog
Version: 1.91

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Platform-independent managed code (addresses CWE-120): eliminates the need for the unchecked native buffer copies that are the root cause of classic buffer overflows.
