"-Synchronized-Data."

2025-05-08 11:37:04 +00:00 · 2022-12-31 01:00:35 +00:00 · 2022-12-31 01:00:35 +00:00 · b7bf90881a
commit b7bf90881a
parent c7955cff0a
2 changed files with 55 additions and 6 deletions
--- a/2022/22xxx/CVE-2022-22728.json
+++ b/2022/22xxx/CVE-2022-22728.json
@ -101,6 +101,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20221229 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
                "url": "http://www.openwall.com/lists/oss-security/2022/12/29/1"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20221230 Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption",
+                "url": "http://www.openwall.com/lists/oss-security/2022/12/30/4"
            }
        ]
    },
--- a/2022/48xxx/CVE-2022-48195.json
+++ b/2022/48xxx/CVE-2022-48195.json
@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
-        "ID": "CVE-2022-48195",
        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2022-48195",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://mellium.im/cve/cve-2022-48195/",
+                "url": "https://mellium.im/cve/cve-2022-48195/"
            }
        ]
    }