Lucene search
Veracode Vulnerability DatabaseVERACODE:37016HistorySep 13, 2022 - 7:44 a.m.
Denial Of Service (DoS)
2022-09-1307:44:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
denial of service
buffer over-read
application crash
libconfuse.so
EPSS
0.002
Percentile
60.9%
libconfuse.so is vulnerable to denial of service. An attacker can send a malicious username parameter to the function cfg_tilde_expand to cause a heap-based buffer over-read, leading to an application crash.
References
github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
github.com/libconfuse/libconfuse/issues/163
lists.fedoraproject.org/archives/list/[email protected]/message/BSAZK4KAWRWNAFUBBXOYU3PVNH3X7226/
lists.fedoraproject.org/archives/list/[email protected]/message/EDUT2V62V2XF2IT5TJFPB6P3EQ6X5VLL/
lists.fedoraproject.org/archives/list/[email protected]/message/FJKHAPJ6AUWVP4HDGKH4M5A2XXWQI73O/
Related
openvas
openvas
Fedora: Security Advisory for libconfuse (FEDORA-2022-de992c68d0)
2022-09-23 00:00:00
Fedora: Security Advisory for libconfuse (FEDORA-2022-9b67d67195)
2022-09-23 00:00:00
Mageia: Security Advisory (MGASA-2022-0387)
2022-10-24 00:00:00
nessus
nessus
Amazon Linux AMI : libconfuse (ALAS-2023-1692)
2023-02-23 00:00:00
SUSE SLES15 Security Update : libconfuse0 (SUSE-SU-2022:3807-1)
2022-10-31 00:00:00
SUSE SLES12 Security Update : libconfuse0 (SUSE-SU-2022:3331-1)
2022-09-22 00:00:00
suse
suse
Security update for libconfuse0 (important)
2022-10-28 00:00:00
redos
redos
ROS-20220914-01
2022-09-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2024-03-19 17:21:46
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2023-01-03 20:57:17
CVE-2022-40320 affecting package libconfuse 3.3-1
2023-03-02 04:18:32
debiancve
debiancve
CVE-2022-40320
2022-09-09 21:15:08
cve
cve
CVE-2022-40320
2022-09-09 21:15:08
prion
prion
Heap overflow
2022-09-09 21:15:00
fedora
fedora
[SECURITY] Fedora 35 Update: libconfuse-3.3-7.fc35
2022-09-21 01:22:35
[SECURITY] Fedora 37 Update: libconfuse-3.3-7.fc37
2022-09-16 00:18:43
[SECURITY] Fedora 36 Update: libconfuse-3.3-7.fc36
2022-09-21 01:13:17
cvelist
cvelist
CVE-2022-40320
2022-09-09 20:38:22
ubuntucve
ubuntucve
CVE-2022-40320
2022-09-09 00:00:00
mageia
mageia
Updated libconfuse packages fix security vulnerability
2022-10-24 01:48:35
amazon
amazon
Important: libconfuse
2023-02-17 00:02:00
osv
osv
CVE-2022-40320
2022-09-09 21:15:08
nvd
nvd
CVE-2022-40320
2022-09-09 21:15:08