Lucene search
Veracode Vulnerability DatabaseVERACODE:35866HistoryJun 03, 2022 - 2:40 p.m.
Remote Code Execution
2022-06-0314:40:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
fapolicyd
remote code execution
vulnerability
software
naming conventions
linker pattern matcher
EPSS
0.001
Percentile
41.1%
fapolicyd is vulnerable to remote code execution. The build script misdetects the run time linker due to the improper naming conventions which causes the ld_so pattern matcher to not work correctly, resulting in remote code execution vulnerability.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
access.redhat.com/errata/RHSA-2022:1898
access.redhat.com/errata/RHSA-2022:4824
access.redhat.com/security/cve/CVE-2022-1117
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2066904
bugzilla.redhat.com/show_bug.cgi?id=2068171
github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263
Related
rocky
rocky
fapolicyd security, bug fix, and enhancement update
2022-05-10 06:36:51
almalinux
almalinux
Moderate: fapolicyd security, bug fix, and enhancement update
2022-05-10 00:00:00
nvd
nvd
CVE-2022-1117
2022-08-29 15:15:10
redhatcve
redhatcve
CVE-2022-1117
2022-05-03 14:05:12
nessus
nessus
Rocky Linux 8 : fapolicyd (RLSA-2022:1898)
2023-11-06 00:00:00
RHEL 8 : fapolicyd (RHSA-2022:1898)
2022-05-11 00:00:00
CentOS 9 : fapolicyd-1.1.3-102.el9
2024-02-29 00:00:00
cvelist
cvelist
CVE-2022-1117
2022-08-29 14:03:07
osv
osv
Moderate: fapolicyd security, bug fix, and enhancement update
2022-05-10 00:00:00
CVE-2022-1117
2022-08-29 15:15:10
Moderate: fapolicyd security, bug fix, and enhancement update
2022-05-10 06:36:51
redhat
redhat
(RHSA-2022:4824) Moderate: fapolicyd security and bug fix update
2022-05-31 10:00:01
openvas
openvas
Fedora: Security Advisory for fapolicyd (FEDORA-2022-bba9ca95b5)
2022-06-04 00:00:00
Fedora: Security Advisory for fapolicyd (FEDORA-2022-47a86f6258)
2022-06-04 00:00:00
cve
cve
CVE-2022-1117
2022-08-29 15:15:10
cbl_mariner
cbl_mariner
CVE-2022-1117 affecting package fapolicyd for versions less than 1.3.2-1
2023-09-28 11:57:58
fedora
fedora
[SECURITY] Fedora 35 Update: fapolicyd-1.1.2-1.fc35
2022-06-03 03:35:17
[SECURITY] Fedora 36 Update: fapolicyd-1.1.2-1.fc36
2022-06-03 03:08:46
prion
prion
Design/Logic Flaw
2022-08-29 15:15:00
oraclelinux
oraclelinux
fapolicyd security, bug fix, and enhancement update
2022-05-17 00:00:00