Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-40320HistorySep 09, 2022 - 9:15 p.m.
CVE-2022-40320
2022-09-0921:15:08
Debian Security Bug Tracker
security-tracker.debian.org
25
libconfuse 3.3
heap-based buffer
over-read
vulnerability
unix
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.9%
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libconfuse | < 3.3-3 | libconfuse_3.3-3_all.deb |
| Debian | 11 | all | libconfuse | < 3.3-2+deb11u1 | libconfuse_3.3-2+deb11u1_all.deb |
| Debian | 999 | all | libconfuse | < 3.3-3 | libconfuse_3.3-3_all.deb |
| Debian | 13 | all | libconfuse | < 3.3-3 | libconfuse_3.3-3_all.deb |
Related
openvas
openvas
Fedora: Security Advisory for libconfuse (FEDORA-2022-de992c68d0)
2022-09-23 00:00:00
Fedora: Security Advisory for libconfuse (FEDORA-2022-9b67d67195)
2022-09-23 00:00:00
Mageia: Security Advisory (MGASA-2022-0387)
2022-10-24 00:00:00
redos
redos
ROS-20220914-01
2022-09-14 00:00:00
nessus
nessus
Amazon Linux AMI : libconfuse (ALAS-2023-1692)
2023-02-23 00:00:00
SUSE SLES15 Security Update : libconfuse0 (SUSE-SU-2022:3807-1)
2022-10-31 00:00:00
SUSE SLES12 Security Update : libconfuse0 (SUSE-SU-2022:3331-1)
2022-09-22 00:00:00
suse
suse
Security update for libconfuse0 (important)
2022-10-28 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2024-03-19 17:21:46
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2023-01-03 20:57:17
CVE-2022-40320 affecting package libconfuse 3.3-1
2023-03-02 04:18:32
cve
cve
CVE-2022-40320
2022-09-09 21:15:08
prion
prion
Heap overflow
2022-09-09 21:15:00
fedora
fedora
[SECURITY] Fedora 35 Update: libconfuse-3.3-7.fc35
2022-09-21 01:22:35
[SECURITY] Fedora 37 Update: libconfuse-3.3-7.fc37
2022-09-16 00:18:43
[SECURITY] Fedora 36 Update: libconfuse-3.3-7.fc36
2022-09-21 01:13:17
cvelist
cvelist
CVE-2022-40320
2022-09-09 20:38:22
ubuntucve
ubuntucve
CVE-2022-40320
2022-09-09 00:00:00
mageia
mageia
Updated libconfuse packages fix security vulnerability
2022-10-24 01:48:35
amazon
amazon
Important: libconfuse
2023-02-17 00:02:00
osv
osv
CVE-2022-40320
2022-09-09 21:15:08
veracode
veracode
Denial Of Service (DoS)
2022-09-13 07:44:11
nvd
nvd
CVE-2022-40320
2022-09-09 21:15:08
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.9%
Related for DEBIANCVE:CVE-2022-40320