What is CVE-2022-37706?

CVE-2022-37706 is a vulnerability in N/a. Published 2022-12-25.

Is CVE-2022-37706 known to be exploited?

35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-37706

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.

EPSS: 0.562 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

MaherAzzouzi/CVE-2022-37706-LPE-exploit
ECU-10525611-Xander/CVE-2022-37706
d3ndr1t30x/CVE-2022-37706
KaoXx/CVE-2022-37706
sanan2004/CVE-2022-37706
TACTICAL-HACK/CVE-2022-37706-SUID
junnythemarksman/CVE-2022-37706
rapid7/metasploit-framework
GhostTroops/TOP
GrayHatZone/CVE-2022-37706-LPE-exploit

References

github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e…
git.enlightenment.org/enlightenment/enlightenment/commit/cae78cbb169f237862faef…

Frequently asked questions

What is CVE-2022-37706?: CVE-2022-37706 is a vulnerability in N/a. Published 2022-12-25.
Is CVE-2022-37706 known to be exploited?: 35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.