Lucene search

Gentoo FoundationMGASA-2022-0387

HistoryOct 24, 2022 - 1:48 a.m.

Updated libconfuse packages fix security vulnerability

2022-10-2401:48:35

Gentoo Foundation

advisories.mageia.org

libconfuse 3.3

security vulnerability

heap-based buffer over-read

fix

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.9%

JSON

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchlibconfuse< 3.3-1.1libconfuse-3.3-1.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	libconfuse	< 3.3-1.1	libconfuse-3.3-1.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=30856

lists.fedoraproject.org/archives/list/[email protected]/thread/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.9%

JSON

Related for MGASA-2022-0387