Vulnerability-Lookup

CVE-2022-1941 (GCVE-0-2022-1941)

Vulnerability from cvelistv5 – Published: 2022-09-22 00:00 – Updated: 2024-08-03 00:24

Title

Out of Memory issue in ProtocolBuffers for cpp and python

Summary

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

Severity ?

No CVSS data available.

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

Google

References

URL

Tags

	https://cloud.google.com/support/bulletins#GCP-2022-019
	https://github.com/protocolbuffers/protobuf/secur…
	http://www.openwall.com/lists/oss-security/2022/09/27/1	mailing-list
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023…	mailing-list
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.netapp.com/advisory/ntap-2024070…

Impacted products

Vendor

Product

Version

Google LLC

protobuf-cpp

Affected: unspecified , ≤ 3.16.1 (custom)
Affected: unspecified , ≤ 3.17.3 (custom)
Affected: unspecified , ≤ 3.18.2 (custom)
Affected: unspecified , ≤ 3.19.4 (custom)
Affected: unspecified , ≤ 3.20.1 (custom)
Affected: unspecified , ≤ 3.21.5 (custom)

Google LLC

protobuf-python

Credits

CluterFuzz - https://google.github.io/clusterfuzz/

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "protobuf-cpp",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "3.18.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.19.5",
                "status": "affected",
                "version": "3.19.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.20.2",
                "status": "affected",
                "version": "3.20.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.21.6",
                "status": "affected",
                "version": "3.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "protobuf-python",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "3.18.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.19.5",
                "status": "affected",
                "version": "3.19.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.20.2",
                "status": "affected",
                "version": "3.20.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.21.6",
                "status": "affected",
                "version": "4.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-1941",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T19:20:47.222552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T19:36:06.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:42.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
          },
          {
            "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
          },
          {
            "name": "FEDORA-2022-25f35ed634",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
          },
          {
            "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
          },
          {
            "name": "FEDORA-2022-15729fa33d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240705-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "protobuf-cpp",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThanOrEqual": "3.16.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.18.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.19.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.20.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.21.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "protobuf-python",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThanOrEqual": "3.16.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.17.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.18.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.19.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.20.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.21.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "CluterFuzz - https://google.github.io/clusterfuzz/"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT",
              "availabilityImpact": "HIGH",
              "baseScore": 5.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-05T16:05:57.237Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
        },
        {
          "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
        },
        {
          "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
        },
        {
          "name": "FEDORA-2022-25f35ed634",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
        },
        {
          "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
        },
        {
          "name": "FEDORA-2022-15729fa33d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240705-0001/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Out of Memory issue in ProtocolBuffers for cpp and python",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-1941",
    "datePublished": "2022-09-22T00:00:00.000Z",
    "dateReserved": "2022-05-30T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:42.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cloud.google.com/support/bulletins#GCP-2022-019\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/09/27/1\", \"name\": \"[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/\", \"name\": \"FEDORA-2022-25f35ed634\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html\", \"name\": \"[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/\", \"name\": \"FEDORA-2022-15729fa33d\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240705-0001/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:24:42.594Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1941\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T19:20:47.222552Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"protobuf-cpp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.18.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.19.0\", \"lessThan\": \"3.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.20.0\", \"lessThan\": \"3.20.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.21.0\", \"lessThan\": \"3.21.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"protobuf-python\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.18.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.19.0\", \"lessThan\": \"3.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.20.0\", \"lessThan\": \"3.20.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.21.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T19:35:55.274Z\"}}], \"cna\": {\"title\": \"Out of Memory issue in ProtocolBuffers for cpp and python\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"CluterFuzz - https://google.github.io/clusterfuzz/\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"scope\": \"UNCHANGED\", \"baseScore\": 5.7, \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}}], \"affected\": [{\"vendor\": \"Google LLC\", \"product\": \"protobuf-cpp\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.16.1\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.17.3\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.18.2\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.19.4\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.20.1\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.21.5\"}]}, {\"vendor\": \"Google LLC\", \"product\": \"protobuf-python\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.16.1\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.17.3\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.18.2\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.19.4\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.20.1\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.21.5\"}]}], \"references\": [{\"url\": \"https://cloud.google.com/support/bulletins#GCP-2022-019\"}, {\"url\": \"https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/09/27/1\", \"name\": \"[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/\", \"name\": \"FEDORA-2022-25f35ed634\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html\", \"name\": \"[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/\", \"name\": \"FEDORA-2022-15729fa33d\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240705-0001/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1286\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2024-07-05T16:05:57.237168\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-1941\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T00:24:42.594Z\", \"dateReserved\": \"2022-05-30T00:00:00\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2022-09-22T00:00:00\", \"assignerShortName\": \"Google\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0034

Vulnerability from certfr_avis - Published: 2023-01-18 - Updated: 2023-01-18

De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Cluster versions 7.5.28 et antérieures
Oracle	MySQL	MySQL Shell versions 8.0.31 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise CC Common Application Objects version 9.2
Oracle	MySQL	MySQL Server versions 5.7.40 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.6.24 et antérieures
Oracle	Java SE	Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1
Oracle	MySQL	MySQL Connectors versions 8.0.31 et antérieures
Oracle	Weblogic	Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0
Oracle	N/A	Oracle VM VirtualBox versions antérieures à 7.0.6
Oracle	MySQL	MySQL Workbench versions 8.0.31 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 8.0.32 et antérieures
Oracle	Database Server	Oracle Database Server versions 19c, 21c [Perl] antérieures à 5.35
Oracle	MySQL	MySQL Cluster versions 8.0.31 et antérieures
Oracle	MySQL	MySQL Server versions 8.0.31 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise CS Academic Advisement version 9.2
Oracle	N/A	Oracle VM VirtualBox versions antérieures à 6.1.42
Oracle	MySQL	MySQL Cluster versions 7.4.38 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2023 du 18 janvier 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise CC Common Application Objects version 9.2",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.7.40 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise CS Academic Advisement version 9.2",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21900"
    },
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2023-21893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21893"
    },
    {
      "name": "CVE-2023-21877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
    },
    {
      "name": "CVE-2023-21885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21885"
    },
    {
      "name": "CVE-2022-22971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
    },
    {
      "name": "CVE-2023-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
    },
    {
      "name": "CVE-2023-21898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21898"
    },
    {
      "name": "CVE-2023-21881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2023-21874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
    },
    {
      "name": "CVE-2023-21838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21838"
    },
    {
      "name": "CVE-2023-21878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2023-21883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
    },
    {
      "name": "CVE-2022-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
    },
    {
      "name": "CVE-2022-42252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2023-21889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21889"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2023-21875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
    },
    {
      "name": "CVE-2023-21872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
    },
    {
      "name": "CVE-2023-21841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21841"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2023-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21864"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2022-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
    },
    {
      "name": "CVE-2022-31692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
    },
    {
      "name": "CVE-2023-21842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21842"
    },
    {
      "name": "CVE-2023-21845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21845"
    },
    {
      "name": "CVE-2022-39429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39429"
    },
    {
      "name": "CVE-2023-21860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21860"
    },
    {
      "name": "CVE-2023-21844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21844"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
    },
    {
      "name": "CVE-2023-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"
    },
    {
      "name": "CVE-2023-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
    },
    {
      "name": "CVE-2023-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2023-21873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
    },
    {
      "name": "CVE-2023-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
    },
    {
      "name": "CVE-2023-21876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
    },
    {
      "name": "CVE-2023-21899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21899"
    },
    {
      "name": "CVE-2023-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
    },
    {
      "name": "CVE-2022-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2023-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
    },
    {
      "name": "CVE-2023-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21827"
    },
    {
      "name": "CVE-2023-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2023-21879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
    },
    {
      "name": "CVE-2021-3918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
    },
    {
      "name": "CVE-2023-21882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21882"
    },
    {
      "name": "CVE-2023-21886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21886"
    },
    {
      "name": "CVE-2023-21837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21837"
    },
    {
      "name": "CVE-2023-21831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21831"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2023-21880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2023-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21829"
    },
    {
      "name": "CVE-2023-21884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21884"
    },
    {
      "name": "CVE-2023-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21868"
    }
  ],
  "initial_release_date": "2023-01-18T00:00:00",
  "last_revision_date": "2023-01-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023",
      "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
    }
  ]
}

CERTFR-2022-AVI-891

Vulnerability from certfr_avis - Published: 2022-10-10 - Updated: 2022-10-10

De multiples vulnérabilités ont été découvertes dans IBM QRadar. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	QRadar	IBM Security QRadar Network Threat Analytics versions 1.x antérieures à 1.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6827881 du 06 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Security QRadar Network Threat Analytics versions 1.x ant\u00e9rieures \u00e0 1.1.2",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
    },
    {
      "name": "CVE-2022-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
    },
    {
      "name": "CVE-2022-34749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
    }
  ],
  "initial_release_date": "2022-10-10T00:00:00",
  "last_revision_date": "2022-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-891",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6827881 du 06 octobre 2022",
      "url": "https://www.ibm.com/support/pages/node/6827881"
    }
  ]
}

CERTFR-2023-AVI-0701

Vulnerability from certfr_avis - Published: 2023-08-31 - Updated: 2023-08-31

De multiples vulnérabilités ont été découvertes dans Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions 9.0.x antérieures à 9.0.6
Splunk	N/A	Splunk ITSI versions 4.15.x antérieures à 4.15.3
Splunk	Universal Forwarder	Universal Forwarder versions 8.2.x antérieures à 8.2.12
Splunk	N/A	Splunk Cloud versions antérieures à 9.0.2305.200
Splunk	Universal Forwarder	Universal Forwarder versions 9.1.x antérieures à 9.1.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.12
Splunk	N/A	Splunk ITSI versions 4.13.x antérieures à 4.13.3
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.1.x antérieures à 9.1.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.0.x antérieures à 9.0.6

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2023-0802 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0804 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0806 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0810 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0807 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0808 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0803 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0801 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0805 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0809 du 30 août 2023	None	vendor-advisory
Bulletin de sécurité Splunk SVD-2023-0811 du 30 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Universal Forwarder versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk ITSI versions 4.15.x ant\u00e9rieures \u00e0 4.15.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Universal Forwarder versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2305.200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Universal Forwarder versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.12",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk ITSI versions 4.13.x ant\u00e9rieures \u00e0 4.13.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.6",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
    },
    {
      "name": "CVE-2022-40899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2022-32189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
    },
    {
      "name": "CVE-2021-27919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27919"
    },
    {
      "name": "CVE-2019-20454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20454"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2022-30631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
    },
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2020-8169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
    },
    {
      "name": "CVE-2022-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2023-4571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4571"
    },
    {
      "name": "CVE-2022-35260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2022-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2020-28851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
    },
    {
      "name": "CVE-2021-33196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
    },
    {
      "name": "CVE-2021-31525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-22901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
    },
    {
      "name": "CVE-2022-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
    },
    {
      "name": "CVE-2021-33198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2022-41722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2023-40592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40592"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2021-38297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
    },
    {
      "name": "CVE-2022-30629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2022-32149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2020-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
    },
    {
      "name": "CVE-2021-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
    },
    {
      "name": "CVE-2021-33197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
    },
    {
      "name": "CVE-2021-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
    },
    {
      "name": "CVE-2022-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
    },
    {
      "name": "CVE-2021-22924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
    },
    {
      "name": "CVE-2022-33987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2023-40596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40596"
    },
    {
      "name": "CVE-2023-40594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40594"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2021-22922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
    },
    {
      "name": "CVE-2023-40595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40595"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2021-38561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
    },
    {
      "name": "CVE-2021-39293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2022-41720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2022-24999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2022-30633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
    },
    {
      "name": "CVE-2022-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
    },
    {
      "name": "CVE-2021-3520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
    },
    {
      "name": "CVE-2022-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    },
    {
      "name": "CVE-2021-36976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2022-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2022-1962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
    },
    {
      "name": "CVE-2021-23382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
    },
    {
      "name": "CVE-2023-40597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40597"
    },
    {
      "name": "CVE-2022-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2309"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-28131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2021-22897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2022-23806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2022-23773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2022-23772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
    },
    {
      "name": "CVE-2020-29652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-40023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2021-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
    },
    {
      "name": "CVE-2020-8231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
    },
    {
      "name": "CVE-2022-27779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2021-31566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
    },
    {
      "name": "CVE-2021-29923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2022-30634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2021-23343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2021-33194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2023-40598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40598"
    },
    {
      "name": "CVE-2013-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7489"
    },
    {
      "name": "CVE-2021-22926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
    },
    {
      "name": "CVE-2021-30560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
    },
    {
      "name": "CVE-2023-40593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40593"
    },
    {
      "name": "CVE-2022-30580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2021-22890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2021-44717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2022-29804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2021-22923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2021-29060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2022-30115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2021-20066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20066"
    },
    {
      "name": "CVE-2021-22876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    },
    {
      "name": "CVE-2022-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    },
    {
      "name": "CVE-2021-33195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    }
  ],
  "initial_release_date": "2023-08-31T00:00:00",
  "last_revision_date": "2023-08-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0701",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0802 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0804 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0806 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0810 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0810"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0807 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0808 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0808"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0803 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0801 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0805 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0805"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0809 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0809"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0811 du 30 ao\u00fbt 2023",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0811"
    }
  ]
}

CERTFR-2025-AVI-0524

Vulnerability from certfr_avis - Published: 2025-06-19 - Updated: 2025-06-19

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Greenplum	Tanzu Greenplum Data Copy Utility versions antérieures à 2.8.0
VMware	Tanzu	Tanzu Data Lake versions antérieures à 1.1.0
VMware	Tanzu	Tanzu pour Postgres sur Kubernetes versions antérieures à 4.1.0 et 4.2.0
VMware	Tanzu Greenplum	Tanzu Greenplum Command Center versions antérieures à 6.14.0 et 7.4.0
VMware	Tanzu Greenplum	Tanzu Greenplum Backup and Restore versions antérieures à 1.31.1
VMware	Tanzu Greenplum	Tanzu Greenplum Streaming Server versions antérieures à 2.1.0
VMware	Tanzu Greenplum	Tanzu Greenplum versions 6.x antérieures à 6.29.1
VMware	Tanzu Greenplum	Tanzu Greenplum versions 7.x antérieures à 7.5.0
VMware	Tanzu	VMware Tanzu pour Valkey sur Kubernetes versions antérieures à 1.1.0 et 2.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35841	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35844	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35843	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35842	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35846	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35849	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35840	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35847	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35839	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35845	2025-06-18	vendor-advisory
Bulletin de sécurité VMware 35848	2025-06-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Greenplum Data Copy Utility  versions ant\u00e9rieures \u00e0  2.8.0",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres sur Kubernetes  versions ant\u00e9rieures \u00e0 4.1.0 et 4.2.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum Command Center  versions ant\u00e9rieures \u00e0  6.14.0 et 7.4.0",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum Backup and Restore  versions ant\u00e9rieures \u00e0  1.31.1",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum Streaming Server  versions ant\u00e9rieures \u00e0  2.1.0",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum  versions 6.x ant\u00e9rieures \u00e0  6.29.1",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum  versions 7.x ant\u00e9rieures \u00e0  7.5.0",
      "product": {
        "name": "Tanzu Greenplum",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu pour Valkey sur Kubernetes  versions ant\u00e9rieures \u00e0 1.1.0 et 2.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2126"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2022-30633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2022-28131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2022-32189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
    },
    {
      "name": "CVE-2022-1962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-30631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
    },
    {
      "name": "CVE-2022-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
    },
    {
      "name": "CVE-2022-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2021-45943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2022-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-30629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-30580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
    },
    {
      "name": "CVE-2022-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-24536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2022-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"
    },
    {
      "name": "CVE-2023-4039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2023-4016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
    },
    {
      "name": "CVE-2023-29383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-24534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2024-1580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1580"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2023-45289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
    },
    {
      "name": "CVE-2023-45290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
    },
    {
      "name": "CVE-2024-24783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
    },
    {
      "name": "CVE-2024-24784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
    },
    {
      "name": "CVE-2024-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-23807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2023-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-6228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2024-24788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
    },
    {
      "name": "CVE-2024-7348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
    },
    {
      "name": "CVE-2023-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2022-48468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2024-10976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
    },
    {
      "name": "CVE-2024-10977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
    },
    {
      "name": "CVE-2024-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
    },
    {
      "name": "CVE-2024-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2025-21490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
    },
    {
      "name": "CVE-2025-21491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
    },
    {
      "name": "CVE-2025-21497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
    },
    {
      "name": "CVE-2025-21500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
    },
    {
      "name": "CVE-2025-21501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
    },
    {
      "name": "CVE-2025-21503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
    },
    {
      "name": "CVE-2025-21505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
    },
    {
      "name": "CVE-2025-21519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
    },
    {
      "name": "CVE-2025-21522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
    },
    {
      "name": "CVE-2025-21523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
    },
    {
      "name": "CVE-2025-21529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
    },
    {
      "name": "CVE-2025-21540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
    },
    {
      "name": "CVE-2025-21546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
    },
    {
      "name": "CVE-2025-21555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
    },
    {
      "name": "CVE-2025-21559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2023-24531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2022-42967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2025-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
    },
    {
      "name": "CVE-2025-31115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
    },
    {
      "name": "CVE-2012-0880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
    },
    {
      "name": "CVE-2017-17507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17507"
    },
    {
      "name": "CVE-2017-8806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
    },
    {
      "name": "CVE-2018-10126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10126"
    },
    {
      "name": "CVE-2018-11205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11205"
    },
    {
      "name": "CVE-2018-13866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13866"
    },
    {
      "name": "CVE-2018-13867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13867"
    },
    {
      "name": "CVE-2018-13868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13868"
    },
    {
      "name": "CVE-2018-13869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13869"
    },
    {
      "name": "CVE-2018-13870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13870"
    },
    {
      "name": "CVE-2018-13871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13871"
    },
    {
      "name": "CVE-2018-13872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13872"
    },
    {
      "name": "CVE-2018-13874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13874"
    },
    {
      "name": "CVE-2018-13875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13875"
    },
    {
      "name": "CVE-2018-13876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13876"
    },
    {
      "name": "CVE-2018-14031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14031"
    },
    {
      "name": "CVE-2018-14033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14033"
    },
    {
      "name": "CVE-2018-14034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14034"
    },
    {
      "name": "CVE-2018-14035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14035"
    },
    {
      "name": "CVE-2018-14460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14460"
    },
    {
      "name": "CVE-2018-15671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15671"
    },
    {
      "name": "CVE-2018-16438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16438"
    },
    {
      "name": "CVE-2018-17432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17432"
    },
    {
      "name": "CVE-2018-17433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17433"
    },
    {
      "name": "CVE-2018-17434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17434"
    },
    {
      "name": "CVE-2018-17435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17435"
    },
    {
      "name": "CVE-2018-17436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17436"
    },
    {
      "name": "CVE-2018-17437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17437"
    },
    {
      "name": "CVE-2018-17438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17438"
    },
    {
      "name": "CVE-2018-17439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17439"
    },
    {
      "name": "CVE-2019-20005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20005"
    },
    {
      "name": "CVE-2019-20006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20006"
    },
    {
      "name": "CVE-2019-20007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20007"
    },
    {
      "name": "CVE-2019-20198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20198"
    },
    {
      "name": "CVE-2019-20199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20199"
    },
    {
      "name": "CVE-2019-20200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20200"
    },
    {
      "name": "CVE-2019-20201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20201"
    },
    {
      "name": "CVE-2019-20202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20202"
    },
    {
      "name": "CVE-2019-6988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6988"
    },
    {
      "name": "CVE-2019-8396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8396"
    },
    {
      "name": "CVE-2019-8397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8397"
    },
    {
      "name": "CVE-2019-8398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8398"
    },
    {
      "name": "CVE-2019-9151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9151"
    },
    {
      "name": "CVE-2019-9152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9152"
    },
    {
      "name": "CVE-2020-10809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10809"
    },
    {
      "name": "CVE-2020-10810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10810"
    },
    {
      "name": "CVE-2020-10811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10811"
    },
    {
      "name": "CVE-2020-10812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10812"
    },
    {
      "name": "CVE-2020-18232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-18232"
    },
    {
      "name": "CVE-2020-18494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-18494"
    },
    {
      "name": "CVE-2021-26220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26220"
    },
    {
      "name": "CVE-2021-26221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26221"
    },
    {
      "name": "CVE-2021-26222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26222"
    },
    {
      "name": "CVE-2021-30485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30485"
    },
    {
      "name": "CVE-2021-31229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31229"
    },
    {
      "name": "CVE-2021-31347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31347"
    },
    {
      "name": "CVE-2021-31348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31348"
    },
    {
      "name": "CVE-2021-31598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31598"
    },
    {
      "name": "CVE-2021-33430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
    },
    {
      "name": "CVE-2021-37501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37501"
    },
    {
      "name": "CVE-2021-45829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45829"
    },
    {
      "name": "CVE-2021-45830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45830"
    },
    {
      "name": "CVE-2021-45832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45832"
    },
    {
      "name": "CVE-2021-45833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45833"
    },
    {
      "name": "CVE-2021-46242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46242"
    },
    {
      "name": "CVE-2021-46243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46243"
    },
    {
      "name": "CVE-2021-46244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46244"
    },
    {
      "name": "CVE-2022-25942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25942"
    },
    {
      "name": "CVE-2022-25972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25972"
    },
    {
      "name": "CVE-2022-26061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26061"
    },
    {
      "name": "CVE-2022-30045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30045"
    },
    {
      "name": "CVE-2022-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
    },
    {
      "name": "CVE-2022-47655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47655"
    },
    {
      "name": "CVE-2023-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0996"
    },
    {
      "name": "CVE-2023-29659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29659"
    },
    {
      "name": "CVE-2023-32570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
    },
    {
      "name": "CVE-2023-39328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
    },
    {
      "name": "CVE-2023-39329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
    },
    {
      "name": "CVE-2023-51792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
    },
    {
      "name": "CVE-2023-6879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6879"
    },
    {
      "name": "CVE-2024-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
    },
    {
      "name": "CVE-2024-29157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29157"
    },
    {
      "name": "CVE-2024-29158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29158"
    },
    {
      "name": "CVE-2024-29159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29159"
    },
    {
      "name": "CVE-2024-29160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29160"
    },
    {
      "name": "CVE-2024-29161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29161"
    },
    {
      "name": "CVE-2024-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29162"
    },
    {
      "name": "CVE-2024-29163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29163"
    },
    {
      "name": "CVE-2024-29164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29164"
    },
    {
      "name": "CVE-2024-29165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29165"
    },
    {
      "name": "CVE-2024-29166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29166"
    },
    {
      "name": "CVE-2024-32605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32605"
    },
    {
      "name": "CVE-2024-32606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32606"
    },
    {
      "name": "CVE-2024-32607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32607"
    },
    {
      "name": "CVE-2024-32608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32608"
    },
    {
      "name": "CVE-2024-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32609"
    },
    {
      "name": "CVE-2024-32610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32610"
    },
    {
      "name": "CVE-2024-32611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32611"
    },
    {
      "name": "CVE-2024-32612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32612"
    },
    {
      "name": "CVE-2024-32613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32613"
    },
    {
      "name": "CVE-2024-32614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32614"
    },
    {
      "name": "CVE-2024-32615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32615"
    },
    {
      "name": "CVE-2024-32616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32616"
    },
    {
      "name": "CVE-2024-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32617"
    },
    {
      "name": "CVE-2024-32618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32618"
    },
    {
      "name": "CVE-2024-32619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32619"
    },
    {
      "name": "CVE-2024-32620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32620"
    },
    {
      "name": "CVE-2024-32621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32621"
    },
    {
      "name": "CVE-2024-32622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32622"
    },
    {
      "name": "CVE-2024-32623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32623"
    },
    {
      "name": "CVE-2024-32624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32624"
    },
    {
      "name": "CVE-2024-33873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33873"
    },
    {
      "name": "CVE-2024-33874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33874"
    },
    {
      "name": "CVE-2024-33875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33875"
    },
    {
      "name": "CVE-2024-33876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33876"
    },
    {
      "name": "CVE-2024-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33877"
    },
    {
      "name": "CVE-2024-34402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34402"
    },
    {
      "name": "CVE-2024-34403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34403"
    },
    {
      "name": "CVE-2024-38949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
    },
    {
      "name": "CVE-2024-38950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
    },
    {
      "name": "CVE-2024-41996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
    },
    {
      "name": "CVE-2024-45993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
    },
    {
      "name": "CVE-2024-46981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46981"
    },
    {
      "name": "CVE-2024-49203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49203"
    },
    {
      "name": "CVE-2024-5171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5171"
    },
    {
      "name": "CVE-2024-51741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51741"
    },
    {
      "name": "CVE-2024-52522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52522"
    },
    {
      "name": "CVE-2024-52616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2024-53920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
    },
    {
      "name": "CVE-2024-56378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56378"
    },
    {
      "name": "CVE-2024-56406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
    },
    {
      "name": "CVE-2024-56826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
    },
    {
      "name": "CVE-2024-56827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
    },
    {
      "name": "CVE-2024-6716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6716"
    },
    {
      "name": "CVE-2025-2153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2153"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-23022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23022"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    }
  ],
  "initial_release_date": "2025-06-19T00:00:00",
  "last_revision_date": "2025-06-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0524",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35841",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35841"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35844",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35844"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35843",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35843"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35842",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35842"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35846",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35846"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35849",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35849"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35840",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35840"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35847",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35847"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35839",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35839"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35845",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35845"
    },
    {
      "published_at": "2025-06-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35848",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35848"
    }
  ]
}

GSD-2022-1941

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-1941

Aliases

CVE-2022-1941

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-1941",
    "description": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.",
    "id": "GSD-2022-1941",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-1941.html",
      "https://ubuntu.com/security/CVE-2022-1941",
      "https://security.archlinux.org/CVE-2022-1941"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-1941"
      ],
      "details": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.",
      "id": "GSD-2022-1941",
      "modified": "2023-12-13T01:19:28.076585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2022-1941",
        "STATE": "PUBLIC",
        "TITLE": "Out of Memory issue in ProtocolBuffers for cpp and python"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "protobuf-cpp",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.16.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.17.3"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.18.2"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.19.4"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.20.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.21.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google LLC"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "protobuf-python",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.16.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.17.3"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.18.2"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.19.4"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "3.20.1"
                        },
                        {
                          "version_affected": "\u003c=",
                          "version_value": "4.21.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google LLC"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "CluterFuzz - https://google.github.io/clusterfuzz/"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT",
          "availabilityImpact": "HIGH",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cloud.google.com/support/bulletins#GCP-2022-019",
            "refsource": "CONFIRM",
            "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
          },
          {
            "name": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf",
            "refsource": "CONFIRM",
            "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
          },
          {
            "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
          },
          {
            "name": "FEDORA-2022-25f35ed634",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
          },
          {
            "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
          },
          {
            "name": "FEDORA-2022-15729fa33d",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c3.18.3||\u003e=3.19.0 \u003c3.19.5||\u003e=3.20.0 \u003c3.20.2||\u003e=3.21.0 \u003c3.21.6",
          "affected_versions": "All versions before 3.18.3, all versions starting from 3.19.0 before 3.19.5, all versions starting from 3.20.0 before 3.20.2, all versions starting from 3.21.0 before 3.21.6",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-06-27",
          "description": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.",
          "fixed_versions": [
            "3.19.6",
            "3.21.9"
          ],
          "identifier": "CVE-2022-1941",
          "identifiers": [
            "CVE-2022-1941",
            "GHSA-8gq9-2x98-w8hf"
          ],
          "not_impacted": "All versions starting from 3.18.3 before 3.19.0, all versions starting from 3.19.5 before 3.20.0, all versions starting from 3.20.2 before 3.21.0, all versions starting from 3.21.6",
          "package_slug": "conan/protobuf",
          "pubdate": "2022-09-22",
          "solution": "Upgrade to versions 3.19.6, 3.21.9 or above.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1941",
            "https://cloud.google.com/support/bulletins#GCP-2022-019",
            "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
          ],
          "uuid": "7863d140-0359-423e-9306-d370b73a4300"
        },
        {
          "affected_range": "\u003c3.18.3||\u003e=3.19.0,\u003c3.19.5||\u003e=3.20.0,\u003c3.20.2||\u003e=4.0.0,\u003c4.21.6",
          "affected_versions": "All versions before 3.18.3, all versions starting from 3.19.0 before 3.19.5, all versions starting from 3.20.0 before 3.20.2, all versions starting from 4.0.0 before 4.21.6",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-06-27",
          "description": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.",
          "fixed_versions": [
            "3.18.3",
            "3.19.5",
            "3.20.2",
            "4.21.6"
          ],
          "identifier": "CVE-2022-1941",
          "identifiers": [
            "CVE-2022-1941",
            "GHSA-8gq9-2x98-w8hf"
          ],
          "not_impacted": "All versions starting from 3.18.3 before 3.19.0, all versions starting from 3.19.5 before 3.20.0, all versions starting from 3.20.2 before 4.0.0, all versions starting from 4.21.6",
          "package_slug": "pypi/protobuf",
          "pubdate": "2022-09-22",
          "solution": "Upgrade to versions 3.18.3, 3.19.5, 3.20.2, 4.21.6 or above.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1941",
            "https://cloud.google.com/support/bulletins#GCP-2022-019",
            "https://github.com/advisories/GHSA-8gq9-2x98-w8hf"
          ],
          "uuid": "485f851d-f375-4032-8db0-7e8b03909ee7"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.6",
                "versionStartIncluding": "3.21.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.20.2",
                "versionStartIncluding": "3.20.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.19.5",
                "versionStartIncluding": "3.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.18.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.21.6",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.20.2",
                "versionStartIncluding": "3.20.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.19.5",
                "versionStartIncluding": "3.19.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.18.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2022-1941"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cloud.google.com/support/bulletins#GCP-2022-019",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
            },
            {
              "name": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
            },
            {
              "name": "[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
            },
            {
              "name": "FEDORA-2022-25f35ed634",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
            },
            {
              "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
            },
            {
              "name": "FEDORA-2022-15729fa33d",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-06-27T15:45Z",
      "publishedDate": "2022-09-22T15:15Z"
    }
  }
}

CVE-2022-1941

Vulnerability from fstec - Published: 13.09.2022

Title

Уязвимость протокола сериализации данных Protobuf, связанная с неправильной проверкой синтаксической корректности ввода, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость протокола сериализации данных Protobuf связана с неправильной проверкой синтаксической корректности ввода. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Google Inc, АО "НППКТ", ООО «Открытая мобильная платформа», ООО «НЦПР»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Protobuf, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС Аврора (запись в едином реестре российских программ №1543), МСВСфера

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), до 3.18.3 (Protobuf), от 3.19.0 до 3.19.5 (Protobuf), от 3.20.0 до 3.20.2 (Protobuf), от 3.21.0 до 3.21.6 (Protobuf), от 4.0.0 до 4.21.6 (Protobuf), до 2.8 (ОСОН ОСнова Оnyx), до 5.1.4 включительно (ОС Аврора), 9.5 (МСВСфера)

Possible Mitigations

Для Protobuf: использование рекомендаций производителя: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2022-1941 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD Для ОСОН ОСнова Оnyx: Обновление программного обеспечения protobuf до версии 3.6.1.3-2+deb10u1 Для ОС Astra Linux Special Edition для архитектуры ARM 4.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47 Для ОС Аврора: https://cve.omp.ru/bb27514 Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:7138?lang=ru Для ОС Astra Linux: обновить пакет protobuf до 3.0.0-9+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

Reference

http://www.openwall.com/lists/oss-security/2022/09/27/1 https://cloud.google.com/support/bulletins#GCP-2022-019 https://github.com/protocolbuffers/protobuf/commit/7764c864bd5acdf60230a7b8fd29816170d0d04e https://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7 https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf https://nvd.nist.gov/vuln/detail/CVE-2022-1941 https://security-tracker.debian.org/tracker/CVE-2022-1941 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47 https://cve.omp.ru/bb27514 https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:7138?lang=ru https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

CWE

CWE-1286

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), \u0434\u043e 3.18.3 (Protobuf), \u043e\u0442 3.19.0 \u0434\u043e 3.19.5 (Protobuf), \u043e\u0442 3.20.0 \u0434\u043e 3.20.2 (Protobuf), \u043e\u0442 3.21.0 \u0434\u043e 3.21.6 (Protobuf), \u043e\u0442 4.0.0 \u0434\u043e 4.21.6 (Protobuf), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Protobuf:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2022-1941\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f protobuf \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.6.1.3-2+deb10u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM 4.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb27514\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2025:7138?lang=ru\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 protobuf \u0434\u043e 3.0.0-9+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-03839",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1941",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Protobuf, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Protobuf, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430 (CWE-1286)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Protobuf \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0441\u0442\u0438 \u0432\u0432\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.openwall.com/lists/oss-security/2022/09/27/1\nhttps://cloud.google.com/support/bulletins#GCP-2022-019\nhttps://github.com/protocolbuffers/protobuf/commit/7764c864bd5acdf60230a7b8fd29816170d0d04e\nhttps://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7\nhttps://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1941\nhttps://security-tracker.debian.org/tracker/CVE-2022-1941\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\nhttps://cve.omp.ru/bb27514\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2025:7138?lang=ru\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1286",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2022-1941

Vulnerability from fkie_nvd - Published: 2022-09-22 15:15 - Updated: 2024-11-21 06:41

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve-coordination@google.com	http://www.openwall.com/lists/oss-security/2022/09/27/1	Mailing List, Third Party Advisory
cve-coordination@google.com	https://cloud.google.com/support/bulletins#GCP-2022-019	Third Party Advisory
cve-coordination@google.com	https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf	Third Party Advisory
cve-coordination@google.com	https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html	Mailing List
cve-coordination@google.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
cve-coordination@google.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
cve-coordination@google.com	https://security.netapp.com/advisory/ntap-20240705-0001/
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/09/27/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cloud.google.com/support/bulletins#GCP-2022-019	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240705-0001/

Impacted products

Vendor	Product	Version
google	protobuf-cpp	*
google	protobuf-cpp	*
google	protobuf-cpp	*
google	protobuf-cpp	*
google	protobuf-python	*
google	protobuf-python	*
google	protobuf-python	*
google	protobuf-python	*
fedoraproject	fedora	36
fedoraproject	fedora	37
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A836785-66BB-421D-83DC-01AC558E7EB8",
              "versionEndExcluding": "3.18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2CE47F2-1804-4931-9DC9-A725DD3E2706",
              "versionEndExcluding": "3.19.5",
              "versionStartIncluding": "3.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA60969-22F7-4A4A-9053-EEEC7EA6F5D9",
              "versionEndExcluding": "3.20.2",
              "versionStartIncluding": "3.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-cpp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BCDB1F-CBA9-4045-938F-E695AD4655B0",
              "versionEndExcluding": "3.21.6",
              "versionStartIncluding": "3.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F35B30A-9AFA-4CFB-A28A-19ADED42D5DD",
              "versionEndExcluding": "3.18.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A719BA3-DC20-4ADA-9F90-5F695609752A",
              "versionEndExcluding": "3.19.5",
              "versionStartIncluding": "3.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C38B17-4211-438B-A01B-6967D30DB08E",
              "versionEndExcluding": "3.20.2",
              "versionStartIncluding": "3.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "046EB3D9-94B5-434C-A14F-6EE26F26091E",
              "versionEndExcluding": "4.21.6",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de an\u00e1lisis de tipo MessageSet en ProtocolBuffers versiones anteriores a 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 y 3.21.5 para protobuf-cpp, y las versiones anteriores a la 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 y 4.21.5 para protobuf-python, entre otras, puede conllevar a fallos de memoria. Un mensaje especialmente dise\u00f1ado con m\u00faltiples elementos clave-valor por crea problemas de an\u00e1lisis, y puede conllevar a una denegaci\u00f3n de servicio contra los servicios que reciban entradas no saneadas. Es recomendado actualizar a versiones 3.18.3, 3.19.5, 3.20.2, 3.21.6 para protobuf-cpp y 3.18.3, 3.19.5, 3.20.2, 4.21.6 para protobuf-python. Las versiones para 3.16 y 3.17 ya no son actualizadas"
    }
  ],
  "id": "CVE-2022-1941",
  "lastModified": "2024-11-21T06:41:47.920",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-09-22T15:15:09.203",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://security.netapp.com/advisory/ntap-20240705-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240705-0001/"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1286"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-1941

Vulnerability from osv_almalinux

Published

2025-05-13 00:00

Modified

2025-07-02 13:27

Summary

Moderate: protobuf security update

Details

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Security Fix(es):

protobuf: message parsing vulnerability in ProtocolBuffers (CVE-2022-1941)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "protobuf-compiler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "protobuf-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "protobuf-lite"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "protobuf-lite-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "python3-protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0-16.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The protobuf packages provide Protocol Buffers, Google\u0027s data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.  \n\nSecurity Fix(es):  \n\n  * protobuf: message parsing vulnerability in ProtocolBuffers (CVE-2022-1941)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  \n\nAdditional Changes:  \n\nFor detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.\n",
  "id": "ALSA-2025:7138",
  "modified": "2025-07-02T13:27:31Z",
  "published": "2025-05-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:7138"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1941"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2291470"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-7138.html"
    }
  ],
  "related": [
    "CVE-2022-1941"
  ],
  "summary": "Moderate: protobuf security update"
}

GHSA-8GQ9-2X98-W8HF

Vulnerability from github – Published: 2022-09-23 20:31 – Updated: 2024-07-05 21:23

Summary

protobuf-cpp and protobuf-python have potential Denial of Service issue

Details

Summary

A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on services using the libraries.

Reporter: ClusterFuzz

Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below.

Severity & Impact

As scored by google
Medium 5.7 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Asscored byt NIST
High 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A small (~500 KB) malicious payload can be constructed which causes the running service to allocate more than 3GB of RAM.

Proof of Concept

For reproduction details, please refer to the unit test that identifies the specific inputs that exercise this parsing weakness.

Mitigation / Patching

Please update to the latest available versions of the following packages: - protobuf-cpp (3.18.3, 3.19.5, 3.20.2, 3.21.6) - protobuf-python (3.18.3, 3.19.5, 3.20.2, 4.21.6)

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.19.0"
            },
            {
              "fixed": "3.19.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.20.0"
            },
            {
              "fixed": "3.20.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "protobuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.21.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1941"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-1286"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-23T20:31:15Z",
    "nvd_published_at": "2022-09-22T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA message parsing and memory management vulnerability in ProtocolBuffer\u2019s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on services using the libraries.\n\nReporter: [ClusterFuzz](https://google.github.io/clusterfuzz/)\n\nAffected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below.\n\n### Severity \u0026 Impact\nAs scored by google  \n**Medium 5.7** - [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)  \nAsscored byt NIST  \n**High 7.5** - [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nA small (~500 KB) malicious payload can be constructed which causes the running service to allocate more than 3GB of RAM.\n\n### Proof of Concept\n\nFor reproduction details, please refer to the unit test that identifies the specific inputs that exercise this parsing weakness.\n\n### Mitigation / Patching\n\nPlease update to the latest available versions of the following packages:\n- protobuf-cpp (3.18.3, 3.19.5, 3.20.2, 3.21.6)\n- protobuf-python (3.18.3, 3.19.5, 3.20.2, 4.21.6)",
  "id": "GHSA-8gq9-2x98-w8hf",
  "modified": "2024-07-05T21:23:56Z",
  "published": "2022-09-23T20:31:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1941"
    },
    {
      "type": "WEB",
      "url": "https://cloud.google.com/support/bulletins#GCP-2022-019"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/protocolbuffers/protobuf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240705-0001"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/09/27/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "protobuf-cpp and protobuf-python have potential Denial of Service issue"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-1941 (GCVE-0-2022-1941)

Solution

Solution

Solution

Solutions

Vulnerability from osv_almalinux

Summary

Severity & Impact

Proof of Concept

Mitigation / Patching

Tags

Sightings

Nomenclature