cvelistv5 - cve-2022-2832

CVE-2022-2832 (GCVE-0-2022-2832)

Vulnerability from cvelistv5 – Published: 2022-08-16 19:26 – Updated: 2024-08-03 00:52

Summary

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

Severity ?

No CVSS data available.

CWE

CWE-395

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	Blender	Affected: Blender 3.3.0

GHSA-JW85-MC7H-C36V

Vulnerability from github – Published: 2022-08-17 00:00 – Updated: 2022-08-19 00:00

Details

When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-2832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-395",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it\u0027s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.",
  "id": "GHSA-jw85-mc7h-c36v",
  "modified": "2022-08-19T00:00:21Z",
  "published": "2022-08-17T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:7058"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/D15463"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/T99706"
    },
    {
      "type": "WEB",
      "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

RHSA-2022:7058

Vulnerability from csaf_redhat - Published: 2022-10-19 22:19 - Updated: 2025-11-21 18:34

Summary

Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Notes

Topic

OpenShift sandboxed containers 1.3.1 is now available.

Details

OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift sandboxed containers 1.3.1 is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with  security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7058",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2118556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
      },
      {
        "category": "external",
        "summary": "KATA-1754",
        "url": "https://issues.redhat.com/browse/KATA-1754"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7058.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T18:34:08+00:00",
      "generator": {
        "date": "2025-11-21T18:34:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2022:7058",
      "initial_release_date": "2022-10-19T22:19:53+00:00",
      "revision_history": [
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:34:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Sandboxed Containers 1.3",
                "product": {
                  "name": "OpenShift Sandboxed Containers 1.3",
                  "product_id": "8Base-OSE-OSC-1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1.3.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8\u0026tag=1.3.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel8\u0026tag=1.3.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle\u0026tag=1.3.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel8-operator\u0026tag=1.3.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "sangjun"
          ]
        }
      ],
      "cve": "CVE-2022-2832",
      "cwe": {
        "id": "CWE-395",
        "name": "Use of NullPointerException Catch to Detect NULL Pointer Dereference"
      },
      "discovery_date": "2022-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2118556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "blender: Null pointer reference in blender thumbnail extractor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2118556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
        }
      ],
      "release_date": "2022-08-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "blender: Null pointer reference in blender thumbnail extractor"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    }
  ]
}

RHSA-2022_7058

Vulnerability from csaf_redhat - Published: 2022-10-19 22:19 - Updated: 2024-12-17 22:04

Summary

Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Notes

Topic

OpenShift sandboxed containers 1.3.1 is now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift sandboxed containers 1.3.1 is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with  security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7058",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2118556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
      },
      {
        "category": "external",
        "summary": "KATA-1754",
        "url": "https://issues.redhat.com/browse/KATA-1754"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7058.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T22:04:00+00:00",
      "generator": {
        "date": "2024-12-17T22:04:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2022:7058",
      "initial_release_date": "2022-10-19T22:19:53+00:00",
      "revision_history": [
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:04:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Sandboxed Containers 1.3",
                "product": {
                  "name": "OpenShift Sandboxed Containers 1.3",
                  "product_id": "8Base-OSE-OSC-1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1.3.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8\u0026tag=1.3.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel8\u0026tag=1.3.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle\u0026tag=1.3.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel8-operator\u0026tag=1.3.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "sangjun"
          ]
        }
      ],
      "cve": "CVE-2022-2832",
      "cwe": {
        "id": "CWE-395",
        "name": "Use of NullPointerException Catch to Detect NULL Pointer Dereference"
      },
      "discovery_date": "2022-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2118556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "blender: Null pointer reference in blender thumbnail extractor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2118556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
        }
      ],
      "release_date": "2022-08-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "blender: Null pointer reference in blender thumbnail extractor"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    }
  ]
}

FKIE_CVE-2022-2832

Vulnerability from fkie_nvd - Published: 2022-08-16 21:15 - Updated: 2024-11-21 07:01

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

References

URL	Tags
secalert@redhat.com	https://developer.blender.org/D15463	Patch, Vendor Advisory
secalert@redhat.com	https://developer.blender.org/T99706	Exploit, Patch, Vendor Advisory
secalert@redhat.com	https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://developer.blender.org/D15463	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://developer.blender.org/T99706	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	blender	blender	3.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "56F05606-9F20-4A78-9679-855302090DDA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en Blender 3.3.0. Existe una desviaci\u00f3n de puntero nulo en source/blender/gpu/opengl/gl_backend.cc que puede conducir a la p\u00e9rdida de confidencialidad e integridad"
    }
  ],
  "id": "CVE-2022-2832",
  "lastModified": "2024-11-21T07:01:46.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-16T21:15:09.883",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/D15463"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/T99706"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/D15463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/T99706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-395"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GSD-2022-2832

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.

Aliases

CVE-2022-2832

Aliases

CVE-2022-2832

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-2832",
    "description": "When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it\u0027s possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.",
    "id": "GSD-2022-2832",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-2832.html",
      "https://access.redhat.com/errata/RHSA-2022:7058"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-2832"
      ],
      "details": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.",
      "id": "GSD-2022-2832",
      "modified": "2023-12-13T01:19:19.857891Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2022-2832",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Blender",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Blender 3.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-395",
                "lang": "eng",
                "value": "CWE-395"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://developer.blender.org/T99706",
            "refsource": "MISC",
            "url": "https://developer.blender.org/T99706"
          },
          {
            "name": "https://developer.blender.org/D15463",
            "refsource": "MISC",
            "url": "https://developer.blender.org/D15463"
          },
          {
            "name": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c",
            "refsource": "MISC",
            "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:blender:blender:3.3.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-2832"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-395"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.blender.org/T99706",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://developer.blender.org/T99706"
            },
            {
              "name": "https://developer.blender.org/D15463",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://developer.blender.org/D15463"
            },
            {
              "name": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-12T22:15Z",
      "publishedDate": "2022-08-16T21:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-2832 (GCVE-0-2022-2832)

GHSA-JW85-MC7H-C36V

RHSA-2022:7058

RHSA-2022_7058

FKIE_CVE-2022-2832

GSD-2022-2832

Tags

Sightings

Nomenclature