CVE-2022-28652

2024-06-0422:15:09

CWE-776

[email protected]

web.nvd.nist.gov

167

nvd

security vulnerability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

~/.config/apport/settings parsing is vulnerable to “billion laughs” attack

Affected configurations

NVD

Node

apport_projectapportRange<2.21.0

Node

canonicalubuntu_linuxMatch18.04esm

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch21.10

canonicalubuntu_linuxMatch22.04lts

CPENameOperatorVersion
apport_project:apportapport project apportlt2.21.0

CPE	Name	Operator	Version
apport_project:apport	apport project apport	lt	2.21.0

CNA Affected

[
  {
    "packageName": "apport",
    "product": "Apport",
    "vendor": "Canonical Ltd.",
    "repo": "https://github.com/canonical/apport",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "2.21.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]