{"id":"CVE-2022-1289","details":"A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.","modified":"2026-04-11T23:42:01.520540Z","published":"2022-04-10T16:15:07.847Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.196755"},{"type":"REPORT","url":"https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655"},{"type":"FIX","url":"https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tildearrow/furnace","events":[{"introduced":"0"},{"last_affected":"217e42471b3ac9a8b9677d501b880642df93fa69"},{"introduced":"0"},{"last_affected":"cbc39909e42c033bee9479f174daee262ac24c4e"},{"introduced":"0"},{"last_affected":"28d3dc26916cf8828d209cafd7f7e647308564ab"},{"introduced":"0"},{"last_affected":"245a566806a00a38abfa541333547dd57e32c09f"},{"introduced":"0"},{"last_affected":"177fe0fbdd72d0787f0efc5b22b475b0ba63be96"},{"introduced":"0"},{"last_affected":"35834a11161412a390d7c128cf14e83b4179f50b"},{"introduced":"0"},{"last_affected":"d828018500811d9c5e6c91bc486414f84b056d5e"},{"introduced":"0"},{"last_affected":"75118e404be65b09be154c5c200b806efac970da"},{"introduced":"0"},{"last_affected":"fe757ac6e7ee4a143ca85fe0a20edc84e739e5b8"},{"introduced":"0"},{"last_affected":"7c409486803073a44e5c06a5378bfdc30cd78fd0"},{"introduced":"0"},{"last_affected":"f39e522e7efbfe5b271365b72d92f4f708dbee81"},{"introduced":"0"},{"last_affected":"f39e522e7efbfe5b271365b72d92f4f708dbee81"},{"introduced":"0"},{"last_affected":"61639e5123c0eba8ee173e4113c0b40157931185"},{"introduced":"0"},{"last_affected":"d0c485fec1a4399b8f962d5a619127a263028d67"},{"introduced":"0"},{"last_affected":"a1d3d3d87382edfce2237467294c49bab21bf8ac"},{"introduced":"0"},{"last_affected":"7c9beca93f97798ae8cc3eb892caf17c5fa92ac6"},{"introduced":"0"},{"last_affected":"34ec189be553ab6aa2ed383597b071335a2de027"},{"introduced":"0"},{"last_affected":"50516d86ae5aa2ec8322ae28b8298aadaf81a449"},{"introduced":"0"},{"last_affected":"045dfa679a8e6476799a06ee148eb88d443a9afd"},{"introduced":"0"},{"last_affected":"e115d9e23bde72280d529d1c3ccacead4bb37ca4"},{"introduced":"0"},{"last_affected":"7bc0f530a3126b6169b0b2a18a91aeb04aadf3b9"},{"introduced":"0"},{"last_affected":"721445cf07071d8f23ae6b655face7251d8fb505"},{"introduced":"0"},{"last_affected":"d7bcd18c56464e515c39a8ef86eb9efe7f256247"},{"introduced":"0"},{"last_affected":"b80c24a9481898b884d4fa5c51e76599636f3ac3"},{"introduced":"0"},{"last_affected":"f7566455c2e6874c311979ca1f8727b2a4ea13c4"},{"introduced":"0"},{"last_affected":"09ed99f0b07dca55bfc34cf64d5f42c45a97d575"},{"introduced":"0"},{"last_affected":"2a379f3adc11c70bfb61f63ffecf09779630bb93"},{"introduced":"0"},{"last_affected":"2be720540fe5c0257ceac35ed491bdc93074d82c"},{"introduced":"0"},{"last_affected":"7d24b10da40fd207c4d15d89accf661fd0aa0cb6"},{"introduced":"0"},{"last_affected":"13c6362edbff081848406d1b87e1bba95fedf309"},{"introduced":"0"},{"last_affected":"d4fb9bac83d8c8d8d30fd3f6eb8f4c9235d10638"},{"introduced":"0"},{"last_affected":"8e5b3abab86b764ebb96a14e892023faa74de009"},{"introduced":"0"},{"last_affected":"875827719927cd7789e2b89b4ccdc6c1c1798952"},{"introduced":"0"},{"last_affected":"2a0aa19b2b1b9e329ee2bf732f5faae5aabb70d4"},{"introduced":"0"},{"last_affected":"cf07e1861ef32c3bf93b96e6c4634b50e673ee30"},{"introduced":"0"},{"last_affected":"e009fc64f2a58cbea6c8ee8093bd61998ee3ddd9"},{"introduced":"0"},{"last_affected":"3163730fe8e1436938597249e9f2aada7c4ca152"},{"introduced":"0"},{"last_affected":"c264678fdce7f81e5f3d29ff936ad9c8c886aa14"},{"introduced":"0"},{"last_affected":"d63f3d311b48548f218a370bbb71e862a1f72d91"},{"introduced":"0"},{"last_affected":"ac79e7d6af862b511623f8640d08f51eaa80d1c6"},{"introduced":"0"},{"last_affected":"bd36a4ffdcb85e6b8283de2ac8c749d0cea4f75c"},{"introduced":"0"},{"last_affected":"9b6e582f8d97350367bda600dd67793d2599bf21"},{"introduced":"0"},{"last_affected":"075f758e4dd65d7886d8e5f363cd7a05dfd49231"},{"introduced":"0"},{"last_affected":"251da3a9d05cc3ec46a28fe86061bb60f94d4428"},{"introduced":"0"},{"last_affected":"ccb8d3d355326454cceb1b438295c0c98ea37019"},{"introduced":"0"},{"last_affected":"b162c09f7c0631ac88f56970e8f10abcf2624077"},{"introduced":"0"},{"last_affected":"ad09254cf41f0acc65bb193e66b78fdff8680616"},{"introduced":"0"},{"last_affected":"65f893822a1ce1431f68934d4199f4d046837d12"},{"introduced":"0"},{"last_affected":"9e0e8f334599404734fa3f4dfa3ad7275c0d3b61"},{"fixed":"0eb02422d5161767e9983bdaa5c429762d3477ce"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.2"},{"introduced":"0"},{"last_affected":"0.2.1"},{"introduced":"0"},{"last_affected":"0.2.2"},{"introduced":"0"},{"last_affected":"0.3"},{"introduced":"0"},{"last_affected":"0.3.1"},{"introduced":"0"},{"last_affected":"0.4"},{"introduced":"0"},{"last_affected":"0.4.1"},{"introduced":"0"},{"last_affected":"0.4.2"},{"introduced":"0"},{"last_affected":"0.4.3"},{"introduced":"0"},{"last_affected":"0.4.4"},{"introduced":"0"},{"last_affected":"0.4.5"},{"introduced":"0"},{"last_affected":"0.4.5-real"},{"introduced":"0"},{"last_affected":"0.4.6"},{"introduced":"0"},{"last_affected":"0.4.7"},{"introduced":"0"},{"last_affected":"0.5"},{"introduced":"0"},{"last_affected":"0.5.1"},{"introduced":"0"},{"last_affected":"0.5.2"},{"introduced":"0"},{"last_affected":"0.5.3"},{"introduced":"0"},{"last_affected":"0.5.4"},{"introduced":"0"},{"last_affected":"0.5.5"},{"introduced":"0"},{"last_affected":"0.5.6"},{"introduced":"0"},{"last_affected":"0.5.7-NA"},{"introduced":"0"},{"last_affected":"0.5.7-pre4"},{"introduced":"0"},{"last_affected":"0.5.8"},{"introduced":"0"},{"last_affected":"0.6-pre0"},{"introduced":"0"},{"last_affected":"dev5"},{"introduced":"0"},{"last_affected":"dev6"},{"introduced":"0"},{"last_affected":"dev7"},{"introduced":"0"},{"last_affected":"dev8"},{"introduced":"0"},{"last_affected":"dev9"},{"introduced":"0"},{"last_affected":"dev10"},{"introduced":"0"},{"last_affected":"dev62"},{"introduced":"0"},{"last_affected":"dev63"},{"introduced":"0"},{"last_affected":"dev64"},{"introduced":"0"},{"last_affected":"dev65"},{"introduced":"0"},{"last_affected":"dev66"},{"introduced":"0"},{"last_affected":"dev67"},{"introduced":"0"},{"last_affected":"dev68"},{"introduced":"0"},{"last_affected":"dev69"},{"introduced":"0"},{"last_affected":"dev70"},{"introduced":"0"},{"last_affected":"dev71"},{"introduced":"0"},{"last_affected":"dev72"},{"introduced":"0"},{"last_affected":"dev73"},{"introduced":"0"},{"last_affected":"dev75"},{"introduced":"0"},{"last_affected":"dev76"},{"introduced":"0"},{"last_affected":"dev77"},{"introduced":"0"},{"last_affected":"dev78"},{"introduced":"0"},{"last_affected":"dev79"},{"introduced":"0"},{"last_affected":"dev80"}]}}],"versions":["dev10","dev5","dev6","dev62","dev63","dev64","dev65","dev66","dev67","dev68","dev69","dev7","dev70","dev71","dev72","dev73","dev75","dev76","dev77","dev78","dev79","dev8","dev80","dev9","v0.2","v0.2.1","v0.2.2","v0.3","v0.3.1","v0.4","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.5-real","v0.4.6","v0.4.7","v0.5","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.5.7","v0.5.7pre4","v0.5.8","v0.6pre0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:42:01Z","vanir_signatures":[{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["335054832721819695341258929487485254091","188167164482528443823020661433853272003","275695170689737141780568725748329210444","229775994306794305861732485281585947710","205542306335405924399593836027670631170","5527374082439882929407294290345732572","14205804872781347412031128190549890686","224527381082166424050347205262292829280","299615791772188005475367469667676677627","35291682120878028074562167328046806675","229305566675741677860294076858399250525","191678615460417363471654598511070760145","94755691338511321975974293456769700443","338229083817740201723464914651087997401","231427078726831481721968362667948769222","180429986184618552289062435907467840408","178998884727283178971979818122113358261","176855138969740191773339550628523287765","292788389037357391129479104853790042689","145057607930188924730787717210684651415","12026866681922850118580940562993504400","138193661692865688140163686713591072773","247988030675059336927251877141400701104","202937378793698949818660023902147530893"]},"target":{"file":"src/gui/pattern.cpp"},"id":"CVE-2022-1289-1ce81ad5","signature_type":"Line","signature_version":"v1","source":"https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"},{"deprecated":false,"digest":{"function_hash":"209561055361738806669877998052791832808","length":12437},"target":{"function":"FurnaceGUI::patternRow","file":"src/gui/pattern.cpp"},"id":"CVE-2022-1289-b057369c","signature_type":"Function","signature_version":"v1","source":"https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1289.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}