CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2022-23492 (GCVE-0-2022-23492)
Vulnerability from cvelistv5 – Published: 2022-12-08 00:08 – Updated: 2025-04-23 16:31
VLAI
Title
go-libp2p denial of service vulnerability from lack of resource management
Summary
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (dos) mitigation page for more information on how to incorporate mitigation strategies, monitor your application, and respond to attacks.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/libp2p/go-libp2p/security/advi… | x_refsource_CONFIRM |
| https://github.com/libp2p/go-libp2p/commit/15d7df… | x_refsource_MISC |
| https://docs.libp2p.io/reference/dos-mitigation/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-j7qp-mfxf-8xjw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-j7qp-mfxf-8xjw"
},
{
"name": "https://github.com/libp2p/go-libp2p/commit/15d7dfbf54264ead8e6f49ca658d79c90635e2de",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libp2p/go-libp2p/commit/15d7dfbf54264ead8e6f49ca658d79c90635e2de"
},
{
"name": "https://docs.libp2p.io/reference/dos-mitigation/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.libp2p.io/reference/dos-mitigation/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:48:12.746050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:31:24.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-libp2p",
"vendor": "libp2p",
"versions": [
{
"status": "affected",
"version": "\u003c 0.18.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p\u2019s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host\u2019s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (dos) mitigation page for more information on how to incorporate mitigation strategies, monitor your application, and respond to attacks. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:08:11.210Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-j7qp-mfxf-8xjw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libp2p/go-libp2p/security/advisories/GHSA-j7qp-mfxf-8xjw"
},
{
"name": "https://github.com/libp2p/go-libp2p/commit/15d7dfbf54264ead8e6f49ca658d79c90635e2de",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libp2p/go-libp2p/commit/15d7dfbf54264ead8e6f49ca658d79c90635e2de"
},
{
"name": "https://docs.libp2p.io/reference/dos-mitigation/",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.libp2p.io/reference/dos-mitigation/"
}
],
"source": {
"advisory": "GHSA-j7qp-mfxf-8xjw",
"discovery": "UNKNOWN"
},
"title": "go-libp2p denial of service vulnerability from lack of resource management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23492",
"datePublished": "2022-12-08T00:08:11.210Z",
"dateReserved": "2022-01-19T21:23:53.765Z",
"dateUpdated": "2025-04-23T16:31:24.219Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23524 (GCVE-0-2022-23524)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:28 – Updated: 2025-04-18 15:59
VLAI
Title
Helm vulnerable to Denial of service through string value parsing
Summary
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
Severity
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/helm/helm/security/advisories/… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:59:20.367135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:59:27.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "helm",
"vendor": "helm",
"versions": [
{
"status": "affected",
"version": "\u003c v3.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won\u0027t create large arrays causing significant memory usage before passing them to the _strvals_ functions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:28:34.540Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r"
}
],
"source": {
"advisory": "GHSA-6rx9-889q-vv2r",
"discovery": "UNKNOWN"
},
"title": "Helm vulnerable to Denial of service through string value parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23524",
"datePublished": "2022-12-15T00:28:34.540Z",
"dateReserved": "2022-01-19T21:23:53.783Z",
"dateUpdated": "2025-04-18T15:59:27.542Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23580 (GCVE-0-2022-23580)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2025-04-22 18:24
VLAI
Title
Abort caused by allocating a vector that is too large in Tensorflow
Summary
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Severity
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/1… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/blob/a13… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
>= 2.7.0, < 2.7.1
Affected: >= 2.6.0, < 2.6.3 Affected: < 2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23580",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:50:27.461132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:24:56.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"status": "affected",
"version": "\u003c 2.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:25.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790"
}
],
"source": {
"advisory": "GHSA-627q-g293-49q7",
"discovery": "UNKNOWN"
},
"title": "Abort caused by allocating a vector that is too large in Tensorflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23580",
"STATE": "PUBLIC",
"TITLE": "Abort caused by allocating a vector that is too large in Tensorflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"version_value": "\u003c 2.5.3"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7"
},
{
"name": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc#L788-L790"
}
]
},
"source": {
"advisory": "GHSA-627q-g293-49q7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23580",
"datePublished": "2022-02-04T22:32:25.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:24:56.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23591 (GCVE-0-2022-23591)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:32 – Updated: 2025-04-23 19:08
VLAI
Title
Stack overflow in Tensorflow
Summary
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/4… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
>= 2.7.0, < 2.7.1
Affected: >= 2.6.0, < 2.6.3 Affected: < 2.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:48.274385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:08:10.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"status": "affected",
"version": "\u003c 2.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:32:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c"
}
],
"source": {
"advisory": "GHSA-247x-2f9f-5wp7",
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Tensorflow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23591",
"STATE": "PUBLIC",
"TITLE": "Stack overflow in Tensorflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.7.0, \u003c 2.7.1"
},
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.3"
},
{
"version_value": "\u003c 2.5.3"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c"
}
]
},
"source": {
"advisory": "GHSA-247x-2f9f-5wp7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23591",
"datePublished": "2022-02-04T22:32:09.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:08:10.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23951 (GCVE-0-2022-23951)
Vulnerability from cvelistv5 – Published: 2022-09-21 18:25 – Updated: 2025-05-27 20:16
VLAI
Summary
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
Severity
5.5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://seclists.org/oss-sec/2022/q1/101 | x_refsource_MISC |
| https://github.com/keylime/keylime/security/advis… | x_refsource_MISC |
| https://github.com/keylime/keylime/commit/6e44758… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2022/q1/101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-23951",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T20:14:28.541558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T20:16:04.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "keylime",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "keylime 6.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T18:25:07.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2022/q1/101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"ID": "CVE-2022-23951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keylime",
"version": {
"version_data": [
{
"version_value": "keylime 6.3.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2022/q1/101",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2022/q1/101"
},
{
"name": "https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2",
"refsource": "MISC",
"url": "https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2"
},
{
"name": "https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355",
"refsource": "MISC",
"url": "https://github.com/keylime/keylime/commit/6e44758b64b0ee13564fc46e807f4ba98091c355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2022-23951",
"datePublished": "2022-09-21T18:25:07.000Z",
"dateReserved": "2022-01-25T00:00:00.000Z",
"dateUpdated": "2025-05-27T20:16:04.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24040 (GCVE-0-2022-24040)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:46 – Updated: 2024-08-03 03:59
VLAI
Summary
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Desigo DXR2 |
Affected:
All versions < V01.21.142.5-22
|
|
| Siemens | Desigo PXC3 |
Affected:
All versions < V01.21.142.4-18
|
|
| Siemens | Desigo PXC4 |
Affected:
All versions < V02.20.142.10-10884
|
|
| Siemens | Desigo PXC5 |
Affected:
All versions < V02.20.142.10-10884
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Desigo DXR2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.5-22"
}
]
},
{
"product": "Desigo PXC3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V01.21.142.4-18"
}
]
},
{
"product": "Desigo PXC4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
},
{
"product": "Desigo PXC5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V02.20.142.10-10884"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T09:21:30.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo DXR2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.5-22"
}
]
}
},
{
"product_name": "Desigo PXC3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V01.21.142.4-18"
}
]
}
},
{
"product_name": "Desigo PXC4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
},
{
"product_name": "Desigo PXC5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V02.20.142.10-10884"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo DXR2 (All versions \u003c V01.21.142.5-22), Desigo PXC3 (All versions \u003c V01.21.142.4-18), Desigo PXC4 (All versions \u003c V02.20.142.10-10884), Desigo PXC5 (All versions \u003c V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24040",
"datePublished": "2022-05-10T09:46:48.000Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:59:23.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2406 (GCVE-0-2022-2406)
Vulnerability from cvelistv5 – Published: 2022-07-14 17:23 – Updated: 2024-12-06 23:08
VLAI
Title
Malicious imports can lead to Denial of Service
Summary
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
Severity
4.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
unspecified , ≤ 6.3.8
(custom)
Affected: 6.4.x Affected: 6.7.x 6.7.0 Affected: 6.5.x , ≤ 6.5.1 (custom) Affected: 6.6.x , ≤ 6.6.1 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:52:44.555728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:08:23.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "6.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.4.x"
},
{
"status": "affected",
"version": "6.7.x 6.7.0"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.x",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.1",
"status": "affected",
"version": "6.6.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T17:23:55.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to version v7.0.0, 6.7.1, 6.6.2, 6.5.2, 6.3.9 or higher."
}
],
"source": {
"advisory": "MMSA-2022-00102",
"discovery": "INTERNAL"
},
"title": "Malicious imports can lead to Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-2406",
"STATE": "PUBLIC",
"TITLE": "Malicious imports can lead to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "6.3.8"
},
{
"version_affected": "=",
"version_name": "6.4.x",
"version_value": "6.4.x"
},
{
"version_affected": "\u003c=",
"version_name": "6.5.x",
"version_value": "6.5.1"
},
{
"version_affected": "\u003c=",
"version_name": "6.6.x",
"version_value": "6.6.1"
},
{
"version_affected": "=",
"version_name": "6.7.x",
"version_value": "6.7.0"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Juho Nurminen for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost to version v7.0.0, 6.7.1, 6.6.2, 6.5.2, 6.3.9 or higher."
}
],
"source": {
"advisory": "MMSA-2022-00102",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-2406",
"datePublished": "2022-07-14T17:23:55.000Z",
"dateReserved": "2022-07-14T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:08:23.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24294 (GCVE-0-2022-24294)
Vulnerability from cvelistv5 – Published: 2022-07-24 17:45 – Updated: 2024-08-03 04:07
VLAI
Title
ReDoS in Apache MXNet RTC Module
Summary
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/b1fbfmvzlr2bbp95l… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/07/24/2 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache MXNet |
Affected:
unspecified , < 1.9.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o"
},
{
"name": "[oss-security] 20220724 CVE-2022-24294: ReDoS in Apache MXNet RTC Module",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/24/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache MXNet",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache MXNet would like to thank Dwi Siswanto for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1."
}
],
"metrics": [
{
"other": {
"content": {
"other": "low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-24T20:06:12.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o"
},
{
"name": "[oss-security] 20220724 CVE-2022-24294: ReDoS in Apache MXNet RTC Module",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/24/2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-25T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2022-01-17T00:00:00.000Z",
"value": "fix merged into master branch"
},
{
"lang": "en",
"time": "2022-01-27T00:00:00.000Z",
"value": "fix merged into v1.x, v1.9.x branches"
},
{
"lang": "en",
"time": "2022-05-27T00:00:00.000Z",
"value": "Apache MXNet (incubating) 1.9.1 released which contains fix."
}
],
"title": "ReDoS in Apache MXNet RTC Module",
"workarounds": [
{
"lang": "en",
"value": "Users that depend on MXNet 1.x are advised to upgrade to MXNet\u003e=1.9.1,\u003c2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-24294",
"STATE": "PUBLIC",
"TITLE": "ReDoS in Apache MXNet RTC Module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache MXNet",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.9.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache MXNet would like to thank Dwi Siswanto for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/b1fbfmvzlr2bbp95lqoh3mtovclfcl3o"
},
{
"name": "[oss-security] 20220724 CVE-2022-24294: ReDoS in Apache MXNet RTC Module",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/24/2"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-25T00:00:00.000Z",
"value": "reported"
},
{
"lang": "en",
"time": "2022-01-17T00:00:00.000Z",
"value": "fix merged into master branch"
},
{
"lang": "en",
"time": "2022-01-27T00:00:00.000Z",
"value": "fix merged into v1.x, v1.9.x branches"
},
{
"lang": "en",
"time": "2022-05-27T00:00:00.000Z",
"value": "Apache MXNet (incubating) 1.9.1 released which contains fix."
}
],
"work_around": [
{
"lang": "en",
"value": "Users that depend on MXNet 1.x are advised to upgrade to MXNet\u003e=1.9.1,\u003c2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-24294",
"datePublished": "2022-07-24T17:45:12.000Z",
"dateReserved": "2022-02-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24713 (GCVE-0-2022-24713)
Vulnerability from cvelistv5 – Published: 2022-03-08 19:00 – Updated: 2025-04-23 18:58
VLAI
Title
Regular expression denial of service in Rust's regex crate
Summary
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://github.com/rust-lang/regex/security/advis… | x_refsource_CONFIRM |
| https://github.com/rust-lang/regex/commit/ae70b41… | x_refsource_MISC |
| https://groups.google.com/g/rustlang-security-ann… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5113 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5118 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/202208-08 | vendor-advisoryx_refsource_GENTOO |
| https://security.gentoo.org/glsa/202208-14 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw"
},
{
"name": "FEDORA-2022-ceb3e03c5e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"
},
{
"name": "FEDORA-2022-8436ac4c39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"
},
{
"name": "FEDORA-2022-d20d44ba98",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"
},
{
"name": "[debian-lts-announce] 20220407 [SECURITY] [DLA 2971-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html"
},
{
"name": "DSA-5113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5113"
},
{
"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2978-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html"
},
{
"name": "DSA-5118",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5118"
},
{
"name": "GLSA-202208-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-08"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:58.280846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:58:21.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "regex",
"vendor": "rust-lang",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:12:38.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw"
},
{
"name": "FEDORA-2022-ceb3e03c5e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"
},
{
"name": "FEDORA-2022-8436ac4c39",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"
},
{
"name": "FEDORA-2022-d20d44ba98",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"
},
{
"name": "[debian-lts-announce] 20220407 [SECURITY] [DLA 2971-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html"
},
{
"name": "DSA-5113",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5113"
},
{
"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2978-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html"
},
{
"name": "DSA-5118",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5118"
},
{
"name": "GLSA-202208-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-08"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"source": {
"advisory": "GHSA-m5pq-gvj9-9vr8",
"discovery": "UNKNOWN"
},
"title": "Regular expression denial of service in Rust\u0027s regex crate",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24713",
"STATE": "PUBLIC",
"TITLE": "Regular expression denial of service in Rust\u0027s regex crate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "regex",
"version": {
"version_data": [
{
"version_value": "\u003c 1.5.5"
}
]
}
}
]
},
"vendor_name": "rust-lang"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8",
"refsource": "CONFIRM",
"url": "https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8"
},
{
"name": "https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e",
"refsource": "MISC",
"url": "https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e"
},
{
"name": "https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw",
"refsource": "MISC",
"url": "https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw"
},
{
"name": "FEDORA-2022-ceb3e03c5e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDOWTHNVGBOP2HN27PUFIGRYNSNDTYRJ/"
},
{
"name": "FEDORA-2022-8436ac4c39",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JANLZ3JXWJR7FSHE57K66UIZUIJZI67T/"
},
{
"name": "FEDORA-2022-d20d44ba98",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3YB7CURSG64CIPCDPNMGPE4UU24AB6H/"
},
{
"name": "[debian-lts-announce] 20220407 [SECURITY] [DLA 2971-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00003.html"
},
{
"name": "DSA-5113",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5113"
},
{
"name": "[debian-lts-announce] 20220411 [SECURITY] [DLA 2978-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00009.html"
},
{
"name": "DSA-5118",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5118"
},
{
"name": "GLSA-202208-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-08"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
},
"source": {
"advisory": "GHSA-m5pq-gvj9-9vr8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24713",
"datePublished": "2022-03-08T19:00:12.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:58:21.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24726 (GCVE-0-2022-24726)
Vulnerability from cvelistv5 – Published: 2022-03-10 20:45 – Updated: 2025-04-23 18:55
VLAI
Title
Unauthenticated control plane denial of service attack in Istio
Summary
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/istio/istio/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/golang/go/issues/51112 | x_refsource_MISC |
| https://github.com/istio/istio/commit/6ca5055a4db… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/golang/go/issues/51112"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:46.812613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:55:37.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "istio",
"vendor": "istio",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.8,"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.5"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T20:45:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang/go/issues/51112"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd"
}
],
"source": {
"advisory": "GHSA-8w5h-qr4r-2h6g",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated control plane denial of service attack in Istio",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24726",
"STATE": "PUBLIC",
"TITLE": "Unauthenticated control plane denial of service attack in Istio"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "istio",
"version": {
"version_data": [
{
"version_value": "\u003c 1.11.8,"
},
{
"version_value": "\u003e= 1.12.0, \u003c 1.12.5"
},
{
"version_value": "\u003e= 1.13.0, \u003c 1.13.2"
}
]
}
}
]
},
"vendor_name": "istio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g",
"refsource": "CONFIRM",
"url": "https://github.com/istio/istio/security/advisories/GHSA-8w5h-qr4r-2h6g"
},
{
"name": "https://github.com/golang/go/issues/51112",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/51112"
},
{
"name": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd",
"refsource": "MISC",
"url": "https://github.com/istio/istio/commit/6ca5055a4db6695ef5504eabdfde3799f2ea91fd"
}
]
},
"source": {
"advisory": "GHSA-8w5h-qr4r-2h6g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24726",
"datePublished": "2022-03-10T20:45:12.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:55:37.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.