Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2022-2372
Vulnerability from csaf_certbund - Published: 2022-12-19 23:00 - Updated: 2023-01-19 23:00Summary
genua genugate: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.
Angriff
Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die genugate ist ein mehrstufiges Firewallprodukt des Herstellers genua GmbH.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann einige der mehreren Schwachstellen in Komponenten von Drittanbietern ausnutzen, die von genua genugate verwendet werden, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2372 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2372.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2372 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2372"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-105p1-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=37a9613baf9adebc3e20772aaa249fc3"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-104p2-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=9cc97408444883591a94c7b03271ff7b"
},
{
"category": "external",
"summary": "Genua Patch vom 2022-12-19",
"url": "https://kunde.genua.de/nc/suche/view/neuer-patch-genugate-100p12-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0\u0026tx_genusupport_content%5BsearchTerm%5D=\u0026tx_genusupport_content%5BforcePath%5D=\u0026tx_genusupport_content%5Baction%5D=genuSupportSearch\u0026tx_genusupport_content%5Bcontroller%5D=Content\u0026cHash=ef1c457a05f6f4465cc46f9369fe23d5"
}
],
"source_lang": "en-US",
"title": "genua genugate: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-19T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:40:14.418+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2372",
"initial_release_date": "2022-12-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "CVE Nummern erg\u00e4nzt; Hinweis: nicht alle CVE bei genugate ausnutzbar"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "genua genugate \u003c 10.0p12",
"product": {
"name": "genua genugate \u003c 10.0p12",
"product_id": "T025654",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.0p12"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.4p2",
"product": {
"name": "genua genugate \u003c 10.4p2",
"product_id": "T025655",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.4p2"
}
}
},
{
"category": "product_name",
"name": "genua genugate \u003c 10.5p1",
"product": {
"name": "genua genugate \u003c 10.5p1",
"product_id": "T025656",
"product_identification_helper": {
"cpe": "cpe:/h:genua:genugate:10.5p1"
}
}
}
],
"category": "product_name",
"name": "genugate"
}
],
"category": "vendor",
"name": "genua"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-44640",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44640"
},
{
"cve": "CVE-2022-44638",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-44638"
},
{
"cve": "CVE-2022-43680",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42898",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-41916",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-41916"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-40304",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40303",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-35260",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-3437",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-3437"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2021-44758",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-44758"
},
{
"cve": "CVE-2021-3671",
"notes": [
{
"category": "description",
"text": "In genua genugate existieren mehrere Schwachstellen in unterschiedlichen Komponenten. Ein Angreifer kann einige dieser Schwachstellen ausnutzen, um Informationen offenzulegen und potentiell weitere, unbekannte Auswirkungen zu erzielen."
}
],
"release_date": "2022-12-19T23:00:00.000+00:00",
"title": "CVE-2021-3671"
}
]
}
CVE-2022-40674 (GCVE-0-2022-40674)
Vulnerability from cvelistv5 – Published: 2022-09-14 00:00 – Updated: 2025-05-30 19:18
VLAI?
EPSS
Summary
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/629"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/640"
},
{
"name": "DSA-5236",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5236"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"name": "FEDORA-2022-15ec504440",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/"
},
{
"name": "FEDORA-2022-c68d90efc3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
},
{
"name": "GLSA-202211-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:17:58.194138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:18:52.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/629"
},
{
"url": "https://github.com/libexpat/libexpat/pull/640"
},
{
"name": "DSA-5236",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5236"
},
{
"name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"name": "FEDORA-2022-15ec504440",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/"
},
{
"name": "FEDORA-2022-c68d90efc3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"name": "FEDORA-2022-d93b3bd8b9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"
},
{
"name": "FEDORA-2022-c22feb71ba",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"
},
{
"name": "FEDORA-2022-dcb1d7bcb1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"
},
{
"name": "GLSA-202211-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40674",
"datePublished": "2022-09-14T00:00:00.000Z",
"dateReserved": "2022-09-14T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:18:52.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42898 (GCVE-0-2022-42898)
Vulnerability from cvelistv5 – Published: 2022-12-25 00:00 – Updated: 2025-04-14 18:33
VLAI?
EPSS
Summary
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://web.mit.edu/kerberos/advisories/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
},
{
"tags": [
"x_transferred"
],
"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://web.mit.edu/kerberos/krb5-1.19/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-06"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:11:12.341307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:33:09.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:38.475Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://web.mit.edu/kerberos/advisories/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-42898.html"
},
{
"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"
},
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.19/"
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0001/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-06"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42898",
"datePublished": "2022-12-25T00:00:00.000Z",
"dateReserved": "2022-10-13T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:33:09.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35260 (GCVE-0-2022-35260)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2024-11-19 20:09
VLAI?
EPSS
Summary
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.86.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1721098"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35260",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-27T19:48:27.630222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T20:09:10.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.86.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1721098"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35260",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-07-06T00:00:00",
"dateUpdated": "2024-11-19T20:09:10.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35252 (GCVE-0-2022-35252)
Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-05 16:14
VLAI?
EPSS
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Severity ?
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in curl 7.85.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:42.952225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:14:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in curl 7.85.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1613943"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://support.apple.com/kb/HT213603"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35252",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:14:44.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40304 (GCVE-0-2022-40304)
Vulnerability from cvelistv5 – Published: 2022-11-23 00:00 – Updated: 2025-04-28 19:49
VLAI?
EPSS
Summary
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213534"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213533"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213535"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/25"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/24"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T19:47:33.415083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T19:49:17.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"url": "https://support.apple.com/kb/HT213534"
},
{
"url": "https://support.apple.com/kb/HT213533"
},
{
"url": "https://support.apple.com/kb/HT213531"
},
{
"url": "https://support.apple.com/kb/HT213536"
},
{
"url": "https://support.apple.com/kb/HT213535"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/25"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/24"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40304",
"datePublished": "2022-11-23T00:00:00.000Z",
"dateReserved": "2022-09-09T00:00:00.000Z",
"dateUpdated": "2025-04-28T19:49:17.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32221 (GCVE-0-2022-32221)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2024-08-03 07:32
VLAI?
EPSS
Summary
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Information Disclosure (CWE-200)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.86.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1704017"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
},
{
"name": "DSA-5330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5330"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230208-0002/"
},
{
"name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/17/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.86.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure (CWE-200)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-17T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1704017"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230110-0006/"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
},
{
"name": "DSA-5330",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5330"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230208-0002/"
},
{
"name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/05/17/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32221",
"datePublished": "2022-12-05T00:00:00",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T07:32:56.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42915 (GCVE-0-2022-42915)
Vulnerability from cvelistv5 – Published: 2022-10-29 00:00 – Updated: 2025-05-07 13:59
VLAI?
EPSS
Summary
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2022-42915.html"
},
{
"name": "FEDORA-2022-01ffde372c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/"
},
{
"name": "FEDORA-2022-39688a779d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/"
},
{
"name": "FEDORA-2022-e9d65906c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0010/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T13:58:40.839541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T13:59:25.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://curl.se/docs/CVE-2022-42915.html"
},
{
"name": "FEDORA-2022-01ffde372c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/"
},
{
"name": "FEDORA-2022-39688a779d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/"
},
{
"name": "FEDORA-2022-e9d65906c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0010/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42915",
"datePublished": "2022-10-29T00:00:00.000Z",
"dateReserved": "2022-10-13T00:00:00.000Z",
"dateUpdated": "2025-05-07T13:59:25.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40303 (GCVE-0-2022-40303)
Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-29 04:24
VLAI?
EPSS
Summary
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:40.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213534"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213533"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213535"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/25"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/24"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T04:23:26.478461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T04:24:02.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"
},
{
"url": "https://support.apple.com/kb/HT213534"
},
{
"url": "https://support.apple.com/kb/HT213533"
},
{
"url": "https://support.apple.com/kb/HT213531"
},
{
"url": "https://support.apple.com/kb/HT213536"
},
{
"url": "https://support.apple.com/kb/HT213535"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/25"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/24"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40303",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-09-09T00:00:00.000Z",
"dateUpdated": "2025-04-29T04:24:02.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43680 (GCVE-0-2022-43680)
Vulnerability from cvelistv5 – Published: 2022-10-24 00:00 – Updated: 2025-05-30 19:20
VLAI?
EPSS
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T19:19:46.789242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T19:20:52.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T12:06:22.913Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/650"
},
{
"url": "https://github.com/libexpat/libexpat/issues/649"
},
{
"url": "https://github.com/libexpat/libexpat/pull/616"
},
{
"name": "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"
},
{
"name": "DSA-5266",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5266"
},
{
"name": "GLSA-202210-38",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-38"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"name": "FEDORA-2022-5f1e2e9016",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"
},
{
"name": "FEDORA-2022-49db80f821",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"
},
{
"name": "FEDORA-2022-c43235716e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221118-0007/"
},
{
"name": "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/5"
},
{
"name": "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43680",
"datePublished": "2022-10-24T00:00:00.000Z",
"dateReserved": "2022-10-24T00:00:00.000Z",
"dateUpdated": "2025-05-30T19:20:52.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3671 (GCVE-0-2021-3671)
Vulnerability from cvelistv5 – Published: 2021-10-12 00:00 – Updated: 2024-08-03 17:01
VLAI?
EPSS
Summary
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14770%2C"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in samba 4.13.12, samba 4.14.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013080%2C"
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=14770%2C"
},
{
"url": "https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3671",
"datePublished": "2021-10-12T00:00:00",
"dateReserved": "2021-07-30T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3437 (GCVE-0-2022-3437)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2024-10-28 18:59
VLAI?
EPSS
Summary
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Severity ?
4.3 (Medium)
CWE
- CWE-122 - - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:samba:samba:4.15.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "samba",
"vendor": "samba",
"versions": [
{
"status": "unaffected",
"version": "4.15.11"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T18:53:20.072020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:59:39.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-3437"
},
{
"name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-06"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
},
{
"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in samba 4.15.11, samba 4.16.6, samba 4.17.2."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 - Heap-based Buffer Overflow, CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:06:05.042792",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137774"
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-3437.html"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3437"
},
{
"name": "[oss-security] 20230208 [vs] heimdal: CVE-2022-45142: signature validation failure",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/08/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202309-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-06"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
},
{
"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3437",
"datePublished": "2023-01-12T00:00:00",
"dateReserved": "2022-10-10T00:00:00",
"dateUpdated": "2024-10-28T18:59:39.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41916 (GCVE-0-2022-41916)
Vulnerability from cvelistv5 – Published: 2022-11-15 00:00 – Updated: 2025-04-23 16:37
VLAI?
EPSS
Summary
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.
Severity ?
5.9 (Medium)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:38.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:54:33.510262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:37:26.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "heimdal",
"vendor": "heimdal",
"versions": [
{
"status": "affected",
"version": "\u003c 7.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:36.676Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
},
{
"name": "DSA-5287",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5287"
},
{
"name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"source": {
"advisory": "GHSA-mgqr-gvh6-23cx",
"discovery": "UNKNOWN"
},
"title": "Read one byte past a buffer when normalizing Unicode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41916",
"datePublished": "2022-11-15T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:37:26.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44758 (GCVE-0-2021-44758)
Vulnerability from cvelistv5 – Published: 2022-12-26 00:00 – Updated: 2025-04-14 15:57
VLAI?
EPSS
Summary
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:56:38.475347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:57:20.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:39.029Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv"
},
{
"url": "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580"
},
{
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44758",
"datePublished": "2022-12-26T00:00:00.000Z",
"dateReserved": "2021-12-08T00:00:00.000Z",
"dateUpdated": "2025-04-14T15:57:20.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44640 (GCVE-0-2022-44640)
Vulnerability from cvelistv5 – Published: 2022-12-25 00:00 – Updated: 2025-04-15 13:20
VLAI?
EPSS
Summary
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:20:08.332800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:20:13.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:33.314Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44640",
"datePublished": "2022-12-25T00:00:00.000Z",
"dateReserved": "2022-11-03T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:20:13.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44638 (GCVE-0-2022-44638)
Vulnerability from cvelistv5 – Published: 2022-11-03 00:00 – Updated: 2025-05-02 19:12
VLAI?
EPSS
Summary
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/63"
},
{
"name": "[oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/05/1"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "DSA-5276",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5276"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T19:11:57.672723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T19:12:26.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/63"
},
{
"name": "[oss-security] 20221104 Fwd: [ANNOUNCE] pixman release 0.42.2 now available",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/05/1"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3179-1] pixman security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html"
},
{
"name": "FEDORA-2022-ae2559a8f4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"
},
{
"name": "DSA-5276",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5276"
},
{
"name": "FEDORA-2022-3cf0e7ebc7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"
},
{
"name": "FEDORA-2022-f3a939e960",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"
},
{
"url": "http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-44638",
"datePublished": "2022-11-03T00:00:00.000Z",
"dateReserved": "2022-11-03T00:00:00.000Z",
"dateUpdated": "2025-05-02T19:12:26.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42916 (GCVE-0-2022-42916)
Vulnerability from cvelistv5 – Published: 2022-10-29 00:00 – Updated: 2024-08-03 13:19
VLAI?
EPSS
Summary
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2022-42916.html"
},
{
"name": "FEDORA-2022-01ffde372c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/"
},
{
"name": "FEDORA-2022-39688a779d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/"
},
{
"name": "FEDORA-2022-e9d65906c4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0010/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://curl.se/docs/CVE-2022-42916.html"
},
{
"name": "FEDORA-2022-01ffde372c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/"
},
{
"name": "FEDORA-2022-39688a779d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/"
},
{
"name": "FEDORA-2022-e9d65906c4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0010/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/21/1"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"url": "https://support.apple.com/kb/HT213605"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42916",
"datePublished": "2022-10-29T00:00:00",
"dateReserved": "2022-10-13T00:00:00",
"dateUpdated": "2024-08-03T13:19:05.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…