ID

VAR-202206-1900


CVE

CVE-2022-32206


TITLE

Haxx  of  cURL  Vulnerabilities related to unrestricted or throttled resource allocation in products from multiple other vendors

Trust: 0.8

sources: JVNDB: JVNDB-2022-012769

DESCRIPTION

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Haxx of cURL Products from multiple other vendors are vulnerable to resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Summary: An update for curl is now available for Red Hat Enterprise Linux 8. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: HTTP compression denial of service (CVE-2022-32206) * curl: FTP-KRB bad message verification (CVE-2022-32208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 6. Package List: Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. Summary: OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html 4. JIRA issues fixed (https://issues.jboss.org/): LOG-2647 - Add link to log console from pod views LOG-2801 - After upgrade all logs are stored in app indices LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty 6. Description: Multicluster engine for Kubernetes 2.1 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Security fixes: * CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS * CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630 golang: io/fs: stack exhaustion in Glob * CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob * CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working * CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add Bug fixes: * MCE 2.1.0 Images (BZ# 2090907) * cluster-proxy-agent not able to startup (BZ# 2109394) * Create cluster button skips Infrastructure page, shows blank page (BZ# 2110713) * AWS Icon sometimes doesn't show up in create cluster wizard (BZ# 2110734) * Infrastructure descriptions in create cluster catalog should be consistent and clear (BZ# 2110811) * The user with clusterset view permission should not able to update the namespace binding with the pencil icon on clusterset details page (BZ# 2111483) * hypershift cluster creation -> not all agent labels are shown in the node pools screen (BZ# 2112326) * CIM - SNO expansion, worker node status incorrect (BZ# 2114735) * Wizard fields are not pre-filled after picking credentials (BZ# 2117163) * ManagedClusterImageRegistry CR is wrong in pure MCE env 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Gatekeeper Operator v0.2 security and container updates Advisory ID: RHSA-2022:6348-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:6348 Issue date: 2022-09-06 CVE Names: CVE-2021-40528 CVE-2022-1292 CVE-2022-1586 CVE-2022-1705 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2526 CVE-2022-28131 CVE-2022-29824 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 ===================================================================== 1. Summary: Gatekeeper Operator v0.2 security updates Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades. Note: Gatekeeper support from the Red Hat support team is limited to where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/. Security fix: * CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal * CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 3. Solution: The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation: * Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has `installPlanApproval` set to `Automatic`. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually approve the upgrade to the operator. * Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information. 4. Bugs fixed (https://bugzilla.redhat.com/): 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 5. References: https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYxd1LNzjgjWX9erEAQi7KxAAjtYnTUInhFC8FJ6zXunwhBa8YpT3E6Ym hemyRubgeyUdhySlgfPFmhrEU6nT3CUmzVN11wQu9iVmUzg3V/x+WhvMK371313m 7XzE0nuZ5uZRxXGVr8dqoecgm47t2884+QzGO4cMIsK5ojfHLBY6oeYunjW6lC5/ 7P40TjANWdZMirOmxoOk3OHeYpFC9oIiovidDn7zqf3PFOa50ux6w4P/3Dep5qVl W1BaNJkWxRL5Uj2AiyxtnLR2Tg713ocazkZZ83nJdr2eMoFFJL7l7u/W2m9LS5rN UhwHejs+4kizsumeCRFyq5I67vmkGE2EMun3yKZDGNB8xgxQqkaOBTkcF4qzzgOt +cLhTRiuGXS4NETqYaWGE0n0kmFCE5jFbZaOlp9L1C56LtB4Ob6BSK/qtdl8wmMB Ap8POcwOp/6TM2SfXg27TzYyYdA3T8EDG4NcZJ05Kt/QsEm7odWa8qMQrBLx+vBs AzDqEoMuL6yPuU4TfpmUI19M3kCGq3dK6jvMv7PA3xn2XQnBfxgIZv5ayibOoM+G 4zhJAs44wO9xEb95fVUego6k3PME3r4u2az8CGBNBcNb9S56yktm3cfxfJv9fc6T C0pfoeTNknLDqKXTCCd8q3qurIX1oX4YTYDjn7F9lrsSQb/b7cv09VliE8xJyg/m yZ5qSsVjpIw= =RV0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack. For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2022-32206 // JVNDB: JVNDB-2022-012769 // VULMON: CVE-2022-32206 // PACKETSTORM: 168158 // PACKETSTORM: 168265 // PACKETSTORM: 168351 // PACKETSTORM: 168275 // PACKETSTORM: 168282 // PACKETSTORM: 168289 // PACKETSTORM: 168280 // PACKETSTORM: 169318

AFFECTED PRODUCTS

vendor:siemensmodel:scalance sc646-2cscope:ltversion:3.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:netappmodel:bootstrap osscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:siemensmodel:scalance sc622-2cscope:ltversion:3.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:element softwarescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:siemensmodel:scalance sc642-2cscope:ltversion:3.0

Trust: 1.0

vendor:haxxmodel:curlscope:ltversion:7.84.0

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:siemensmodel:scalance sc632-2cscope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:scalance sc626-2cscope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:scalance sc636-2cscope:ltversion:3.0

Trust: 1.0

vendor:シーメンスmodel:scalance sc-642-2cscope: - version: -

Trust: 0.8

vendor:netappmodel:h410sscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-632-2cscope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontapscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-636-2cscope: - version: -

Trust: 0.8

vendor:haxxmodel:curlscope: - version: -

Trust: 0.8

vendor:netappmodel:hci management nodescope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:netappmodel:bootstrap osscope: - version: -

Trust: 0.8

vendor:netappmodel:h700sscope: - version: -

Trust: 0.8

vendor:netappmodel:h500sscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc626-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-646-2cscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-622-2cscope: - version: -

Trust: 0.8

vendor:netappmodel:solidfirescope: - version: -

Trust: 0.8

vendor:netappmodel:h300sscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:netappmodel:element softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-012769 // NVD: CVE-2022-32206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32206
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-32206
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32206
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-2565
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32206
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2022-32206
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-32206
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNNVD: CNNVD-202206-2565 // JVNDB: JVNDB-2022-012769 // NVD: CVE-2022-32206 // NVD: CVE-2022-32206

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-012769 // NVD: CVE-2022-32206

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 169318 // CNNVD: CNNVD-202206-2565

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202206-2565

PATCH

title:curl Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=198520

Trust: 0.6

title:Ubuntu Security Notice: USN-5495-1: curl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5495-1

Trust: 0.1

sources: VULMON: CVE-2022-32206 // CNNVD: CNNVD-202206-2565

EXTERNAL IDS

db:NVDid:CVE-2022-32206

Trust: 4.1

db:OPENWALLid:OSS-SECURITY/2023/02/15/3

Trust: 2.4

db:HACKERONEid:1570651

Trust: 2.4

db:SIEMENSid:SSA-333517

Trust: 2.4

db:ICS CERTid:ICSA-22-349-18

Trust: 0.8

db:ICS CERTid:ICSA-23-103-09

Trust: 0.8

db:JVNid:JVNVU91561630

Trust: 0.8

db:JVNid:JVNVU94715153

Trust: 0.8

db:JVNDBid:JVNDB-2022-012769

Trust: 0.8

db:AUSCERTid:ESB-2022.3366

Trust: 0.6

db:AUSCERTid:ESB-2022.6333

Trust: 0.6

db:AUSCERTid:ESB-2023.3732

Trust: 0.6

db:AUSCERTid:ESB-2022.6290

Trust: 0.6

db:AUSCERTid:ESB-2022.4468

Trust: 0.6

db:AUSCERTid:ESB-2022.4757

Trust: 0.6

db:AUSCERTid:ESB-2023.3143

Trust: 0.6

db:AUSCERTid:ESB-2023.3238

Trust: 0.6

db:AUSCERTid:ESB-2022.4324

Trust: 0.6

db:AUSCERTid:ESB-2022.5247

Trust: 0.6

db:AUSCERTid:ESB-2022.4266

Trust: 0.6

db:AUSCERTid:ESB-2022.4112

Trust: 0.6

db:AUSCERTid:ESB-2022.3117

Trust: 0.6

db:AUSCERTid:ESB-2022.5632

Trust: 0.6

db:AUSCERTid:ESB-2023.2163

Trust: 0.6

db:AUSCERTid:ESB-2022.5300

Trust: 0.6

db:AUSCERTid:ESB-2022.4525

Trust: 0.6

db:AUSCERTid:ESB-2022.4568

Trust: 0.6

db:PACKETSTORMid:168347

Trust: 0.6

db:PACKETSTORMid:168284

Trust: 0.6

db:PACKETSTORMid:170166

Trust: 0.6

db:PACKETSTORMid:167607

Trust: 0.6

db:PACKETSTORMid:168301

Trust: 0.6

db:PACKETSTORMid:168174

Trust: 0.6

db:PACKETSTORMid:168503

Trust: 0.6

db:PACKETSTORMid:168378

Trust: 0.6

db:PACKETSTORMid:169443

Trust: 0.6

db:CS-HELPid:SB2022071152

Trust: 0.6

db:CS-HELPid:SB2022062927

Trust: 0.6

db:CNNVDid:CNNVD-202206-2565

Trust: 0.6

db:VULMONid:CVE-2022-32206

Trust: 0.1

db:PACKETSTORMid:168158

Trust: 0.1

db:PACKETSTORMid:168265

Trust: 0.1

db:PACKETSTORMid:168351

Trust: 0.1

db:PACKETSTORMid:168275

Trust: 0.1

db:PACKETSTORMid:168282

Trust: 0.1

db:PACKETSTORMid:168289

Trust: 0.1

db:PACKETSTORMid:168280

Trust: 0.1

db:PACKETSTORMid:169318

Trust: 0.1

sources: VULMON: CVE-2022-32206 // PACKETSTORM: 168158 // PACKETSTORM: 168265 // PACKETSTORM: 168351 // PACKETSTORM: 168275 // PACKETSTORM: 168282 // PACKETSTORM: 168289 // PACKETSTORM: 168280 // PACKETSTORM: 169318 // CNNVD: CNNVD-202206-2565 // JVNDB: JVNDB-2022-012769 // NVD: CVE-2022-32206

REFERENCES

url:https://hackerone.com/reports/1570651

Trust: 2.4

url:http://seclists.org/fulldisclosure/2022/oct/41

Trust: 2.4

url:http://www.openwall.com/lists/oss-security/2023/02/15/3

Trust: 2.4

url:https://www.debian.org/security/2022/dsa-5197

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20220915-0003/

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html

Trust: 2.4

url:http://seclists.org/fulldisclosure/2022/oct/28

Trust: 2.4

url:https://support.apple.com/kb/ht213488

Trust: 2.4

url:https://security.gentoo.org/glsa/202212-01

Trust: 2.4

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/

Trust: 1.0

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94715153/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-2526

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3143

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022062927

Trust: 0.6

url:https://support.apple.com/en-us/ht213488

Trust: 0.6

url:https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6290

Trust: 0.6

url:https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4112

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5300

Trust: 0.6

url:https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5247

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6333

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3366

Trust: 0.6

url:https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4757

Trust: 0.6

url:https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2163

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022071152

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3732

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3238

Trust: 0.6

url:https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4266

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32206/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5632

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4468

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4324

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4525

Trust: 0.6

url:https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3117

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4568

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-32148

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1705

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-1705

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-1962

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-30630

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-1962

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-30631

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-30635

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-28131

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-28131

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-30633

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-30632

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-30629

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30632

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30630

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-5495-1

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6159

Trust: 0.1

url:https://submariner.io/getting-started/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6346

Trust: 0.1

url:https://submariner.io/.

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24675

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6430

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32148

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30633

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/install_upgrade/installing-while-connected-online-mce

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6182

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6348

Trust: 0.1

url:https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.

Trust: 0.1

url:https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27781

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22945

Trust: 0.1

sources: VULMON: CVE-2022-32206 // PACKETSTORM: 168158 // PACKETSTORM: 168265 // PACKETSTORM: 168351 // PACKETSTORM: 168275 // PACKETSTORM: 168282 // PACKETSTORM: 168289 // PACKETSTORM: 168280 // PACKETSTORM: 169318 // CNNVD: CNNVD-202206-2565 // JVNDB: JVNDB-2022-012769 // NVD: CVE-2022-32206

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 168158 // PACKETSTORM: 168265 // PACKETSTORM: 168351 // PACKETSTORM: 168275 // PACKETSTORM: 168282 // PACKETSTORM: 168289 // PACKETSTORM: 168280

SOURCES

db:VULMONid:CVE-2022-32206
db:PACKETSTORMid:168158
db:PACKETSTORMid:168265
db:PACKETSTORMid:168351
db:PACKETSTORMid:168275
db:PACKETSTORMid:168282
db:PACKETSTORMid:168289
db:PACKETSTORMid:168280
db:PACKETSTORMid:169318
db:CNNVDid:CNNVD-202206-2565
db:JVNDBid:JVNDB-2022-012769
db:NVDid:CVE-2022-32206

LAST UPDATE DATE

2026-07-10T20:36:23.827000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202206-2565date:2023-06-30T00:00:00
db:JVNDBid:JVNDB-2022-012769date:2023-09-01T08:15:00
db:NVDid:CVE-2022-32206date:2025-05-05T17:18:13.120

SOURCES RELEASE DATE

db:PACKETSTORMid:168158date:2022-08-25T15:25:12
db:PACKETSTORMid:168265date:2022-09-07T16:37:33
db:PACKETSTORMid:168351date:2022-09-13T15:41:58
db:PACKETSTORMid:168275date:2022-09-07T16:50:50
db:PACKETSTORMid:168282date:2022-09-07T16:56:15
db:PACKETSTORMid:168289date:2022-09-07T17:09:04
db:PACKETSTORMid:168280date:2022-09-07T16:53:57
db:PACKETSTORMid:169318date:2022-08-28T19:12:00
db:CNNVDid:CNNVD-202206-2565date:2022-06-27T00:00:00
db:JVNDBid:JVNDB-2022-012769date:2023-09-01T00:00:00
db:NVDid:CVE-2022-32206date:2022-07-07T13:15:08.340