Details of VAR-202201-0498

ID

VAR-202201-0498

CVE

CVE-2022-22826

TITLE

Expat Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002874

DESCRIPTION

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Expat is a fast streaming XML parser written in C. The vulnerability is caused by a boundary error when nextScaffoldPart in xmlparse.c exists when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Background ========= Expat is a set of XML parsing libraries. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Summary: OpenShift Serverless version 1.22.0 contains a moderate security impact. This release includes security and bug fixes and enhancements. For more information, see the documentation linked in the Solution section. Security Fixes in this release include: * golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772) * golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64 3. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852) * expat: stack exhaustion in doctype parsing (CVE-2022-25313) * expat: integer overflow in copyString() (CVE-2022-25314) * expat: integer overflow in the doProlog function (CVE-2022-23990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. 5. Package List: Red Hat JBoss Core Services on RHEL 7 Server: Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm Red Hat JBoss Core Services on RHEL 8: Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2022-22826 // JVNDB: JVNDB-2022-002874 // VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // PACKETSTORM: 168578 // PACKETSTORM: 167008 // PACKETSTORM: 166431 // PACKETSTORM: 169540 // PACKETSTORM: 169541

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.3	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	10.1.1	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	lt	version:	8.15.3	Trust: 1.0
vendor:	tenable	model:	nessus	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	tenable	model:	nessus	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22826
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-22826
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22826
value:	HIGH
Trust: 0.8
VULHUB:	VHN-411552
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22826
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22826
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411552
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22826
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-22826
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826 // NVD: CVE-2022-22826

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-411552 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

TYPE

overflow, code execution

Trust: 0.2

sources: PACKETSTORM: 169540 // PACKETSTORM: 169541

PATCH

title:	SSA-484086 Hitachi Server / Client Product Security Information	url:	https://www.debian.org/security/2022/dsa-5073	Trust: 0.8
title:	Red Hat: CVE-2022-22826	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-22826	Trust: 0.1
title:	Red Hat: Important: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220951 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1730aaeace15912feb07b96b49c44c9a	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1603	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1603	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221039 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5073-1 expat -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1809	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1809	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221734 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221041 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat OpenShift GitOps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221042 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221083 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221476 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-017	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-017	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221396 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	myapp-container-jaxrs	url:	https://github.com/akiraabe/myapp-container-jaxrs	Trust: 0.1

sources: VULMON: CVE-2022-22826 // JVNDB: JVNDB-2022-002874

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22826	Trust: 3.3
db:	OPENWALL	id:	OSS-SECURITY/2022/01/17/3	Trust: 1.1
db:	SIEMENS	id:	SSA-484086	Trust: 1.1
db:	TENABLE	id:	TNS-2022-05	Trust: 1.1
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-278-01	Trust: 0.8
db:	JVN	id:	JVNVU99030761	Trust: 0.8
db:	JVN	id:	JVNVU97425465	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-002874	Trust: 0.8
db:	PACKETSTORM	id:	166431	Trust: 0.2
db:	PACKETSTORM	id:	169540	Trust: 0.2
db:	PACKETSTORM	id:	167008	Trust: 0.2
db:	PACKETSTORM	id:	169541	Trust: 0.2
db:	PACKETSTORM	id:	168578	Trust: 0.2
db:	PACKETSTORM	id:	166433	Trust: 0.1
db:	PACKETSTORM	id:	169788	Trust: 0.1
db:	PACKETSTORM	id:	166496	Trust: 0.1
db:	PACKETSTORM	id:	166437	Trust: 0.1
db:	PACKETSTORM	id:	166976	Trust: 0.1
db:	PACKETSTORM	id:	166348	Trust: 0.1
db:	CNVD	id:	CNVD-2022-04543	Trust: 0.1
db:	VULHUB	id:	VHN-411552	Trust: 0.1
db:	VULMON	id:	CVE-2022-22826	Trust: 0.1

sources: VULHUB: VHN-411552 // VULMON: CVE-2022-22826 // PACKETSTORM: 168578 // PACKETSTORM: 167008 // PACKETSTORM: 166431 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 1.3
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.1
url:	https://www.tenable.com/security/tns-2022-05	Trust: 1.1
url:	https://www.debian.org/security/2022/dsa-5073	Trust: 1.1
url:	https://github.com/libexpat/libexpat/pull/539	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2022/01/17/3	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu99030761/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97425465/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23177	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23219	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23218	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3999	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23218	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3999	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23219	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-36160	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23990	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25314	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-44224	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-39275	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40674	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25314	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1747	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41772	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41771	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0261	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1025	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25710	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25709	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0361	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0261	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25710	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0318	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24731	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24730	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0413	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25709	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0392	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0359	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0318	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0392	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1025	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0413	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0359	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7144	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:7143	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1

sources: VULHUB: VHN-411552 // PACKETSTORM: 168578 // PACKETSTORM: 167008 // PACKETSTORM: 166431 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // JVNDB: JVNDB-2022-002874 // NVD: CVE-2022-22826

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 167008 // PACKETSTORM: 166431 // PACKETSTORM: 169540 // PACKETSTORM: 169541

SOURCES

db:	VULHUB	id:	VHN-411552
db:	VULMON	id:	CVE-2022-22826
db:	PACKETSTORM	id:	168578
db:	PACKETSTORM	id:	167008
db:	PACKETSTORM	id:	166431
db:	PACKETSTORM	id:	169540
db:	PACKETSTORM	id:	169541
db:	JVNDB	id:	JVNDB-2022-002874
db:	NVD	id:	CVE-2022-22826

LAST UPDATE DATE

2025-08-12T19:37:31.221000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411552	date:	2022-10-06T00:00:00
db:	VULMON	id:	CVE-2022-22826	date:	2022-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-002874	date:	2023-10-10T06:05:00
db:	NVD	id:	CVE-2022-22826	date:	2025-05-05T17:17:53.610

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411552	date:	2022-01-10T00:00:00
db:	VULMON	id:	CVE-2022-22826	date:	2022-01-10T00:00:00
db:	PACKETSTORM	id:	168578	date:	2022-09-30T14:56:43
db:	PACKETSTORM	id:	167008	date:	2022-05-10T14:49:09
db:	PACKETSTORM	id:	166431	date:	2022-03-24T14:34:35
db:	PACKETSTORM	id:	169540	date:	2022-10-27T13:05:19
db:	PACKETSTORM	id:	169541	date:	2022-10-27T13:05:26
db:	JVNDB	id:	JVNDB-2022-002874	date:	2023-01-19T00:00:00
db:	NVD	id:	CVE-2022-22826	date:	2022-01-10T14:12:57.113