admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-428xx/CVE-2022-42898.json

271 lines
8.0 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2022-42898",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-25T06:15:09.427",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"lastModified": "2024-11-21T07:25:33.423",
bootstrap
2023-04-24 12:24:31 +02:00
"vulnStatus": "Modified",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\""
Auto-Update: 2023-10-08T10:00:24.917564+00:00
2023-10-08 10:00:28 +00:00
},
{
"lang": "es",
"value": "El an\u00e1lisis sint\u00e1ctico de PAC en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) antes de 1.19.4 y 1.20.x antes de 1.20.1 tiene desbordamientos de enteros que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo (en KDC, kadmind, o un servidor de aplicaciones GSS o Kerberos) en plataformas de 32 bits (que tienen un desbordamiento de b\u00fafer resultante), y causar una denegaci\u00f3n de servicio en otras plataformas. Esto ocurre en krb5_pac_parse en lib/krb5/krb/pac.c. Heimdal antes de 7.7.1 tiene \"un bug similar\"."
bootstrap
2023-04-24 12:24:31 +02:00
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"baseScore": 8.8,
"baseSeverity": "HIGH",
bootstrap
2023-04-24 12:24:31 +02:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"availabilityImpact": "HIGH"
bootstrap
2023-04-24 12:24:31 +02:00
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.8",
"versionEndExcluding": "1.19.4",
"matchCriteriaId": "7DDDCA5D-623C-47CD-A5D3-BD16A066BEBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:-:*:*:*:*:*:*",
"matchCriteriaId": "C4D88C23-3917-4891-B9D0-694FCC55B6A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mit:kerberos_5:1.20:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BEDE8B47-EBE0-487C-A52A-8D5F0F5AD851"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.7.1",
"matchCriteriaId": "537FE65E-6E3F-4441-8B35-7B48214EA04D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.15.12",
"matchCriteriaId": "659BA682-BA94-493F-8EE1-235661CC958D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16.0",
"versionEndExcluding": "4.16.7",
"matchCriteriaId": "5D8363DE-B7A3-409B-A485-29B4FA053BFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.17.0",
"versionEndExcluding": "4.17.3",
"matchCriteriaId": "663B7A0D-CCBB-4EDC-A0E3-97F03E636BD2"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
Auto-Update: 2023-09-17T10:00:24.672301+00:00
2023-09-17 10:00:28 +00:00
{
"url": "https://security.gentoo.org/glsa/202309-06",
"source": "cve@mitre.org"
},
Auto-Update: 2023-10-08T10:00:24.917564+00:00
2023-10-08 10:00:28 +00:00
{
"url": "https://security.gentoo.org/glsa/202310-06",
"source": "cve@mitre.org"
},
bootstrap
2023-04-24 12:24:31 +02:00
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0001/",
"source": "cve@mitre.org"
},
{
"url": "https://web.mit.edu/kerberos/advisories/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.19/",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-42898.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15203",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-06",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.gentoo.org/glsa/202310-06",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230216-0008/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230223-0001/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://web.mit.edu/kerberos/advisories/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.19/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.samba.org/samba/security/CVE-2022-42898.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink