CVE-2022-43343
Published: 08 November 2022
Summary
CVE-2022-43343 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in N-Prolog Project N-Prolog. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 11.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
N-Prolog version 1.91 contains a global buffer overflow vulnerability in the gettoken function within Main.c, classified under CWE-120. The flaw received a CVSS 3.1 score of 7.5, reflecting a network attack vector, low attack complexity, and no requirement for authentication or user interaction; the impact is rated high for availability and none for confidentiality and integrity.
An unauthenticated remote attacker can supply crafted input over the network to trigger the overflow, resulting in a crash or denial-of-service condition against the affected N-Prolog instance. The provided references point to the upstream GitHub issue tracker but contain no explicit mitigation guidance or patch details in the available information.
EPSS scores for the CVE reached a peak of 0.0514 before receding to the current value of 0.0408, indicating limited but observable exploitation interest after disclosure. No reports of in-the-wild exploitation or additional context such as AI/ML involvement are present in the supplied data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-46382
Vulnerability details
N-Prolog v1.91 was discovered to contain a global buffer overflow vulnerability in the function gettoken() at Main.c.
- CWE(s): CWE-120 (Classic Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.
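As an added illustration (not N-Prolog's code, whose tokenizer logic and buffer size this page does not give), the classic CWE-120 pattern in a token reader that writes into a fixed-size global buffer, beside a bounds-checked replacement that rejects an overlong token instead of overflowing. TOKEN_MAX, gettoken_unchecked, gettoken_checked and the sample inputs are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 64   /* assumed size for illustration; not N-Prolog's value */

/* Global token buffer: the fixed-size shared state behind CWE-120. */
static char token_buf[TOKEN_MAX];

/* Unsafe pattern (illustrative, not N-Prolog's code): bytes are copied
 * without comparing i against sizeof(token_buf), so a token of TOKEN_MAX
 * or more bytes writes past the end of the global buffer. */
const char *gettoken_unchecked(const char *in) {
    size_t i = 0;
    while (*in && !isspace((unsigned char)*in))
        token_buf[i++] = *in++;                  /* no bound check */
    token_buf[i] = '\0';
    return in;
}

/* Hardened variant: returns the token length, or -1 when the token would
 * not fit (buffer left empty). *rest receives the first unconsumed byte. */
int gettoken_checked(const char *in, const char **rest) {
    size_t i = 0;
    while (*in && !isspace((unsigned char)*in)) {
        if (i >= sizeof(token_buf) - 1) {        /* room for the '\0' */
            token_buf[0] = '\0';
            if (rest) *rest = in;
            return -1;
        }
        token_buf[i++] = *in++;
    }
    token_buf[i] = '\0';
    if (rest) *rest = in;
    return (int)i;
}

const char *current_token(void) { return token_buf; }

/* Constructed input: one 100-byte token, longer than TOKEN_MAX. */
int overlong_token_result(void) {
    char big[101]; memset(big, 'a', 100); big[100] = '\0';
    return gettoken_checked(big, NULL);
}

int main(void) {
    const char *rest;
    int n = gettoken_checked("likes(mary, wine).", &rest);
    printf("token=%s len=%d rest=\"%s\"\n", current_token(), n, rest);
    printf("overlong token -> %d\n", overlong_token_result());
}
```

The unchecked variant is shown only for comparison and is never called; with a memory-safety checker such as ASan, feeding it a token of TOKEN_MAX bytes or more is the kind of global-buffer-overflow report this CVE class produces.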