Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0504
Vulnerability from certfr_avis - Published: 2023-06-30 - Updated: 2023-06-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.19.0 | ||
| IBM | Db2 | Db2 Graph versions 1.0.0.592 à 1.0.0.1690 sans le dernier correctif de sécurité | ||
| IBM | N/A | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions antérieures à 4.7 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.19.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Graph versions 1.0.0.592 \u00e0 1.0.0.1690 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2022-33980",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2023-25165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25165"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2019-19232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2019-10743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10743"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2022-37866",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
},
{
"name": "CVE-2020-8244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-19234",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19234"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
}
],
"initial_release_date": "2023-06-30T00:00:00",
"last_revision_date": "2023-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0504",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7008449 du 29 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6998815 du 28 juin 2023",
"url": "https://www.ibm.com/support/pages/node/6998815"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 26 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005519"
}
]
}
CVE-2022-33980 (GCVE-0-2022-33980)
Vulnerability from cvelistv5 – Published: 2022-07-06 00:00 – Updated: 2024-08-03 08:16
VLAI
EPSS
Title
Apache Commons Configuration insecure interpolation defaults
Summary
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
Severity
No CVSS data available.
CWE
- Insecure interpolation defaults
Assigner
References
5 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Commons Configuration |
Affected:
Apache Commons Configuration , < 2.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s"
},
{
"name": "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/06/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221028-0015/"
},
{
"name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"
},
{
"name": "DSA-5290",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Configuration",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.4",
"status": "affected"
}
],
"lessThan": "2.8.0",
"status": "affected",
"version": "Apache Commons Configuration",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default."
}
],
"metrics": [
{
"other": {
"content": {
"other": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure interpolation defaults",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-28T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s"
},
{
"name": "[oss-security] 20220706 CVE-2022-33980: Apache Commons Configuration insecure interpolation defaults",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/06/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221028-0015/"
},
{
"name": "[oss-security] 20221115 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"
},
{
"name": "DSA-5290",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5290"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Commons Configuration insecure interpolation defaults",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to version Apache Commons Configuration 2.8.0"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-33980",
"datePublished": "2022-07-06T00:00:00.000Z",
"dateReserved": "2022-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:16.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37865 (GCVE-0-2022-37865)
Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-02 18:35
VLAI
EPSS
Title
Apache Ivy allows creating/overwriting any file on the system
Summary
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- allow create/overwrite any file on the syste
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/gqvvv7qsm2dfjg6xz… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Ivy |
Affected:
2.4.0 , < unspecified
(custom)
Affected: unspecified , ≤ 2.5.0 (custom) |
Credits
This issue was discovered by Kostya Kortchinsky of the Databricks Security Team.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
},
{
"name": "FEDORA-2023-35f775fd6e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T18:34:25.664772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T18:35:06.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Ivy",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Kostya Kortchinsky of the Databricks Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the \"zip\", \"jar\" or \"war\" packaging Ivy prior to 2.5.1 doesn\u0027t verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse \"upwards\" using \"..\" sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1."
}
],
"metrics": [
{
"other": {
"content": {
"other": "medium"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "allow create/overwrite any file on the syste",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-04T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/gqvvv7qsm2dfjg6xzsw1s2h08tbr0sdy"
},
{
"name": "FEDORA-2023-35f775fd6e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Ivy allows creating/overwriting any file on the system",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-37865",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2025-05-02T18:35:06.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37866 (GCVE-0-2022-37866)
Vulnerability from cvelistv5 – Published: 2022-11-07 00:00 – Updated: 2025-05-01 20:46
VLAI
EPSS
Title
Apache Ivy allows path traversal in the presence of a malicious repository
Summary
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/htxbr8oc464hxrgro… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Ivy |
Affected:
2.0.0 , < unspecified
(custom)
Affected: unspecified , ≤ 2.5.0 (custom) |
Credits
This issue was discovered by Kostya Kortchinsky of the Databricks Security Team.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b"
},
{
"name": "FEDORA-2023-35f775fd6e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-37866",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T20:46:00.339895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T20:46:04.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache Ivy",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Kostya Kortchinsky of the Databricks Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied \"pattern\" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain \"../\" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy\u0027s local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing \"..\" sequences and a \"normal\" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1."
}
],
"metrics": [
{
"other": {
"content": {
"other": "medium"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-04T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/htxbr8oc464hxrgroftnz3my70whk93b"
},
{
"name": "FEDORA-2023-35f775fd6e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDIFDL5WSBEKBUVKTABUFDDD25SBNJLS/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Ivy allows path traversal in the presence of a malicious repository",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-37866",
"datePublished": "2022-11-07T00:00:00.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2025-05-01T20:46:04.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38749 (GCVE-0-2022-38749)
Vulnerability from cvelistv5 – Published: 2022-09-05 00:00 – Updated: 2024-08-03 11:02
VLAI
EPSS
Title
DoS in SnakeYAML
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Severity
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SnakeYAML",
"vendor": "snakeyaml",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:05:59.112Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS in SnakeYAML",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-38749",
"datePublished": "2022-09-05T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T11:02:14.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38750 (GCVE-0-2022-38750)
Vulnerability from cvelistv5 – Published: 2022-09-05 00:00 – Updated: 2024-11-20 14:57
VLAI
EPSS
Title
DoS in SnakeYAML
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T18:43:03.519813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T14:57:41.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SnakeYAML",
"vendor": "snakeyaml",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:04.718Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS in SnakeYAML",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-38750",
"datePublished": "2022-09-05T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-11-20T14:57:41.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38751 (GCVE-0-2022-38751)
Vulnerability from cvelistv5 – Published: 2022-09-05 00:00 – Updated: 2025-04-21 13:50
VLAI
EPSS
Title
DoS in SnakeYAML
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:36:32.650540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:50:22.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SnakeYAML",
"vendor": "snakeyaml",
"versions": [
{
"lessThan": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:02.859Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS in SnakeYAML",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-38751",
"datePublished": "2022-09-05T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:50:22.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38752 (GCVE-0-2022-38752)
Vulnerability from cvelistv5 – Published: 2022-09-05 00:00 – Updated: 2024-08-03 11:02
VLAI
EPSS
Title
DoS in SnakeYAML
Summary
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| snakeyaml | SnakeYAML |
Affected:
unspecified , ≤ 1.31
(custom)
|
|
| snakeyaml_project | snakeyaml |
Affected:
0 , < 1.32
(custom)
cpe:2.3:a:snakeyaml_project:snakeyaml:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snakeyaml_project:snakeyaml:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snakeyaml",
"vendor": "snakeyaml_project",
"versions": [
{
"lessThan": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38752",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T14:02:33.055634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:03:52.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SnakeYAML",
"vendor": "snakeyaml",
"versions": [
{
"lessThanOrEqual": "1.31",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:17.930Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS in SnakeYAML",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-38752",
"datePublished": "2022-09-05T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T11:02:14.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41716 (GCVE-0-2022-41716)
Vulnerability from cvelistv5 – Published: 2022-11-02 15:28 – Updated: 2024-10-30 13:59
VLAI
EPSS
Title
Unsanitized NUL in environment variables on Windows in syscall and os/exec
Summary
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-158 - Improper Neutralization of Null Byte or NUL Character
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | syscall |
Affected:
0 , < 1.18.8
(semver)
Affected: 1.19.0-0 , < 1.19.3 (semver) |
|
| Go standard library | os/exec |
Affected:
0 , < 1.18.8
(semver)
Affected: 1.19.0-0 , < 1.19.3 (semver) |
Credits
RyotaK (https://twitter.com/ryotkak)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230120-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/56284"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/446916"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-1095"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:02:04.861393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T13:59:43.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "syscall",
"platforms": [
"windows"
],
"product": "syscall",
"programRoutines": [
{
"name": "StartProcess"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.18.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.3",
"status": "affected",
"version": "1.19.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "os/exec",
"platforms": [
"windows"
],
"product": "os/exec",
"programRoutines": [
{
"name": "Cmd.environ"
},
{
"name": "dedupEnv"
},
{
"name": "dedupEnvCase"
},
{
"name": "Cmd.CombinedOutput"
},
{
"name": "Cmd.Environ"
},
{
"name": "Cmd.Output"
},
{
"name": "Cmd.Run"
},
{
"name": "Cmd.Start"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.18.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.3",
"status": "affected",
"version": "1.19.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "RyotaK (https://twitter.com/ryotkak)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-158: Improper Neutralization of Null Byte or NUL Character",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:12:49.198Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/56284"
},
{
"url": "https://go.dev/cl/446916"
},
{
"url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1095"
}
],
"title": "Unsanitized NUL in environment variables on Windows in syscall and os/exec"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41716",
"datePublished": "2022-11-02T15:28:19.574Z",
"dateReserved": "2022-09-28T17:00:06.607Z",
"dateUpdated": "2024-10-30T13:59:43.967Z",
"requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41721 (GCVE-0-2022-41721)
Vulnerability from cvelistv5 – Published: 2023-01-13 22:46 – Updated: 2025-04-04 14:46
VLAI
EPSS
Title
Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
Summary
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE 444: Inconsistent Interpretation of HTTP Requests ("HTTP Request/Response Smuggling)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/http2/h2c |
Affected:
0.0.0-20220524220425-1d687d428aca , < 0.1.1-0.20221104162952-702349b0e862
(semver)
|
Credits
John Howard (Google)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/56352"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/447396"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1495"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41721",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T14:43:40.503783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T14:46:17.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2/h2c",
"product": "golang.org/x/net/http2/h2c",
"programRoutines": [
{
"name": "h2cHandler.ServeHTTP"
},
{
"name": "h2cUpgrade"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.1.1-0.20221104162952-702349b0e862",
"status": "affected",
"version": "0.0.0-20220524220425-1d687d428aca",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John Howard (Google)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 444: Inconsistent Interpretation of HTTP Requests (\"HTTP Request/Response Smuggling)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-27T02:06:08.833Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/56352"
},
{
"url": "https://go.dev/cl/447396"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1495"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/"
}
],
"title": "Request smuggling due to improper request handling in golang.org/x/net/http2/h2c"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41721",
"datePublished": "2023-01-13T22:46:22.064Z",
"dateReserved": "2022-09-28T17:00:06.609Z",
"dateUpdated": "2025-04-04T14:46:17.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41723 (GCVE-0-2022-41723)
Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-05-05 16:12
VLAI
EPSS
Title
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
Summary
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE 400: Uncontrolled Resource Consumption
- NVD-CWE-Other
Assigner
References
15 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.19.6
(semver)
Affected: 1.20.0-0 , < 1.20.1 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.7.0
(semver)
|
|
| golang.org/x/net | golang.org/x/net/http2/hpack |
Affected:
0 , < 0.7.0
(semver)
|
Credits
Philippe Antoine (Catena cyber)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230331-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/57855"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/468135"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/468295"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:37.352634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NVD-CWE-Other",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:12:28.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.Serve"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.ServeTLS"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.19.6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.20.1",
"status": "affected",
"version": "1.20.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "Transport.RoundTrip"
},
{
"name": "Server.ServeConn"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.Ping"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "ClientConn.Shutdown"
},
{
"name": "ConfigureServer"
},
{
"name": "ConfigureTransport"
},
{
"name": "ConfigureTransports"
},
{
"name": "ConnectionError.Error"
},
{
"name": "ErrCode.String"
},
{
"name": "FrameHeader.String"
},
{
"name": "FrameType.String"
},
{
"name": "FrameWriteRequest.String"
},
{
"name": "Framer.ReadFrame"
},
{
"name": "Framer.WriteContinuation"
},
{
"name": "Framer.WriteData"
},
{
"name": "Framer.WriteDataPadded"
},
{
"name": "Framer.WriteGoAway"
},
{
"name": "Framer.WriteHeaders"
},
{
"name": "Framer.WritePing"
},
{
"name": "Framer.WritePriority"
},
{
"name": "Framer.WritePushPromise"
},
{
"name": "Framer.WriteRSTStream"
},
{
"name": "Framer.WriteRawFrame"
},
{
"name": "Framer.WriteSettings"
},
{
"name": "Framer.WriteSettingsAck"
},
{
"name": "Framer.WriteWindowUpdate"
},
{
"name": "GoAwayError.Error"
},
{
"name": "ReadFrameHeader"
},
{
"name": "Setting.String"
},
{
"name": "SettingID.String"
},
{
"name": "SettingsFrame.ForeachSetting"
},
{
"name": "StreamError.Error"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "bufferedWriter.Flush"
},
{
"name": "bufferedWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "connError.Error"
},
{
"name": "dataBuffer.Read"
},
{
"name": "duplicatePseudoHeaderError.Error"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "headerFieldNameError.Error"
},
{
"name": "headerFieldValueError.Error"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "pipe.Read"
},
{
"name": "priorityWriteScheduler.CloseStream"
},
{
"name": "priorityWriteScheduler.OpenStream"
},
{
"name": "pseudoHeaderError.Error"
},
{
"name": "requestBody.Close"
},
{
"name": "requestBody.Read"
},
{
"name": "responseWriter.Flush"
},
{
"name": "responseWriter.FlushError"
},
{
"name": "responseWriter.Push"
},
{
"name": "responseWriter.SetReadDeadline"
},
{
"name": "responseWriter.SetWriteDeadline"
},
{
"name": "responseWriter.Write"
},
{
"name": "responseWriter.WriteHeader"
},
{
"name": "responseWriter.WriteString"
},
{
"name": "serverConn.CloseConn"
},
{
"name": "serverConn.Flush"
},
{
"name": "stickyErrWriter.Write"
},
{
"name": "transportResponseBody.Close"
},
{
"name": "transportResponseBody.Read"
},
{
"name": "writeData.String"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2/hpack",
"product": "golang.org/x/net/http2/hpack",
"programRoutines": [
{
"name": "Decoder.parseFieldLiteral"
},
{
"name": "Decoder.readString"
},
{
"name": "Decoder.DecodeFull"
},
{
"name": "Decoder.Write"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:09:48.448Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/57855"
},
{
"url": "https://go.dev/cl/468135"
},
{
"url": "https://go.dev/cl/468295"
},
{
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1571"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41723",
"datePublished": "2023-02-28T17:19:45.801Z",
"dateReserved": "2022-09-28T17:00:06.610Z",
"dateUpdated": "2025-05-05T16:12:28.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…