Lucene search
VmwareCVELIST:CVE-2022-22976HistoryMay 19, 2022 - 2:50 p.m.
CVE-2022-22976
2022-05-1914:50:46
CWE-190
vmware
www.cve.org
2
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CNA Affected
[
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions"
}
]
}
]Related
nvd
nvd
CVE-2022-22976
2022-05-19 15:15:08
veracode
veracode
Integer Overflow
2022-05-20 04:01:08
osv
osv
CVE-2022-22976
2022-05-19 15:15:08
Integer overflow in BCrypt class in Spring Security
2022-05-20 00:00:38
ubuntucve
ubuntucve
CVE-2022-22976
2022-05-19 00:00:00
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Vmware Spring Security
2022-05-10 16:36:13
github
github
Integer overflow in BCrypt class in Spring Security
2022-05-20 00:00:38
redhatcve
redhatcve
CVE-2022-22976
2022-05-17 16:10:13
prion
prion
Integer overflow
2022-05-19 15:15:00
cve
cve
CVE-2022-22976
2022-05-19 15:15:08
ibm
ibm
spring
spring
CVE-2022-22976: BCrypt skips salt rounds for work factor of 31
2022-05-16 05:32:00
CVE-2022-22978: Authorization Bypass in RegexRequestMatcher
2022-05-16 05:27:00
nessus
nessus
RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3663)
2024-04-28 00:00:00
redhat
redhat
(RHSA-2023:3663) Important: jenkins and jenkins-2-plugins security update
2023-06-19 10:09:14
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00