Vulnerability-Lookup

CVE-2022-41916 (GCVE-0-2022-41916)

Vulnerability from cvelistv5 – Published: 2022-11-15 00:00 – Updated: 2025-04-23 16:37

Title

Read one byte past a buffer when normalizing Unicode

Summary

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-193 - Off-by-one Error

Assigner

GitHub_M

References

URL

Tags

	https://github.com/heimdal/heimdal/security/advis…
	https://www.debian.org/security/2022/dsa-5287	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022…	mailing-list
	https://security.netapp.com/advisory/ntap-2023021…
	https://security.gentoo.org/glsa/202310-06	vendor-advisory

Impacted products

	Vendor	Product	Version
	heimdal	heimdal	Affected: < 7.7.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
          },
          {
            "name": "DSA-5287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5287"
          },
          {
            "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
          },
          {
            "name": "GLSA-202310-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:54:33.510262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:37:26.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "heimdal",
          "vendor": "heimdal",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-193",
              "description": "CWE-193: Off-by-one Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-08T08:06:36.676Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
        },
        {
          "name": "DSA-5287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5287"
        },
        {
          "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
        },
        {
          "name": "GLSA-202310-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-06"
        }
      ],
      "source": {
        "advisory": "GHSA-mgqr-gvh6-23cx",
        "discovery": "UNKNOWN"
      },
      "title": "Read one byte past a buffer when normalizing Unicode"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41916",
    "datePublished": "2022-11-15T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:37:26.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5287\", \"name\": \"DSA-5287\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\", \"name\": \"[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230216-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-06\", \"name\": \"GLSA-202310-06\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:56:38.394Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41916\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:54:33.510262Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T13:54:34.924Z\"}}], \"cna\": {\"title\": \"Read one byte past a buffer when normalizing Unicode\", \"source\": {\"advisory\": \"GHSA-mgqr-gvh6-23cx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"heimdal\", \"product\": \"heimdal\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.7.1\"}]}], \"references\": [{\"url\": \"https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5287\", \"name\": \"DSA-5287\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html\", \"name\": \"[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230216-0008/\"}, {\"url\": \"https://security.gentoo.org/glsa/202310-06\", \"name\": \"GLSA-202310-06\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"CWE-193: Off-by-one Error\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-08T08:06:36.676Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41916\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T16:37:26.786Z\", \"dateReserved\": \"2022-09-30T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-11-15T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2022-41916

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41916

Aliases

CVE-2022-41916

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41916",
    "id": "GSD-2022-41916",
    "references": [
      "https://www.debian.org/security/2022/dsa-5287",
      "https://advisories.mageia.org/CVE-2022-41916.html",
      "https://www.suse.com/security/cve/CVE-2022-41916.html",
      "https://ubuntu.com/security/CVE-2022-41916"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41916"
      ],
      "details": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.",
      "id": "GSD-2022-41916",
      "modified": "2023-12-13T01:19:33.169488Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-41916",
        "STATE": "PUBLIC",
        "TITLE": "Read one byte past a buffer when normalizing Unicode"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "heimdal",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 7.7.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "heimdal"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-193: Off-by-one Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx",
            "refsource": "CONFIRM",
            "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
          },
          {
            "name": "DSA-5287",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5287"
          },
          {
            "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230216-0008/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
          },
          {
            "name": "GLSA-202310-06",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202310-06"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mgqr-gvh6-23cx",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-41916"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-193"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
            },
            {
              "name": "DSA-5287",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5287"
            },
            {
              "name": "[debian-lts-announce] 20221126 [SECURITY] [DLA 3206-1] heimdal security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230216-0008/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
            },
            {
              "name": "GLSA-202310-06",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202310-06"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-08T09:15Z",
      "publishedDate": "2022-11-15T23:15Z"
    }
  }
}

FKIE_CVE-2022-41916

Vulnerability from fkie_nvd - Published: 2022-11-15 23:15 - Updated: 2024-11-21 07:24

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx	Third Party Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html	Mailing List, Third Party Advisory
security-advisories@github.com	https://security.gentoo.org/glsa/202310-06
security-advisories@github.com	https://security.netapp.com/advisory/ntap-20230216-0008/
security-advisories@github.com	https://www.debian.org/security/2022/dsa-5287	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202310-06
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230216-0008/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5287	Third Party Advisory

Impacted products

Vendor	Product	Version
heimdal_project	heimdal	*
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:heimdal_project:heimdal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "537FE65E-6E3F-4441-8B35-7B48214EA04D",
              "versionEndExcluding": "7.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal\u0027s PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal\u0027s libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue."
    },
    {
      "lang": "es",
      "value": "Heimdal es una implementaci\u00f3n de ASN.1/DER, PKIX y Kerberos. Las versiones anteriores a la 7.7.1 son vulnerables a una vulnerabilidad de denegaci\u00f3n de servicio en la biblioteca de validaci\u00f3n de certificados PKI de Heimdal, lo que afecta a KDC (a trav\u00e9s de PKINIT) y kinit (a trav\u00e9s de PKINIT), as\u00ed como a cualquier aplicaci\u00f3n de terceros que utilice libhx509 de Heimdal. Los usuarios deben actualizar a Heimdal 7.7.1 o 7.8. No se conocen workarounds para este problema."
    }
  ],
  "id": "CVE-2022-41916",
  "lastModified": "2024-11-21T07:24:03.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T23:15:27.197",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://security.gentoo.org/glsa/202310-06"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202310-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5287"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2023-AVI-0385

Vulnerability from certfr_avis - Published: 2023-05-15 - Updated: 2023-05-15

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	Tanzu	Platform Automation Toolkit versions 4.2.x antérieures à 4.2.8
VMware	Tanzu	Tanzu Application Service for VMs versions 4.0.x avec Jammy Stemcells antérieures à 1.80
VMware	Tanzu	Platform Automation Toolkit versions 4.3.x antérieures à 4.3.5
VMware	Tanzu	Isolation Segment versions 3.0.x antérieures à 3.0.7 avec Jammy Stemcells antérieures à 1.80
VMware	Tanzu	Isolation Segment versions 4.0.x avec Jammy Stemcells antérieures à 1.80
VMware	Tanzu	Isolation Segment versions 2.8.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Platform Automation Toolkit versions 5.0.x antérieures à 5.0.24
VMware	Tanzu	Platform Automation Toolkit versions 4.0.x antérieures à 4.0.13
VMware	Tanzu	Tanzu Application Service for VMs versions 2.13.x antérieures à 2.13.15 avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Isolation Segment versions 2.11.x antérieures à 2.11.27 avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Tanzu Greenplum for Kubernetes versions antérieures à 2.0.0
VMware	Tanzu	Platform Automation Toolkit versions 4.1.x antérieures à 4.1.13
VMware	Tanzu	Tanzu Application Service for VMs versions 2.10.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Tanzu Application Service for VMs versions 2.12.x antérieures à 2.12.22 avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Platform Automation Toolkit versions 4.4.x antérieures à 4.4.31
VMware	Tanzu	Tanzu Application Service for VMs versions 3.0.x antérieures à 3.0.7 avec Jammy Stemcells antérieures à 1.80
VMware	Tanzu	Tanzu Application Service for VMs versions 2.9.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Tanzu Application Service for VMs versions 2.8.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Isolation Segment versions 2.9.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Tanzu RabbitMQ for VMs versions 2.2.x avec Jammy Stemcells antérieures à 1.80
VMware	Tanzu	Operations Manager 2.10.x versions antérieures 2.10.52
VMware	Tanzu	Operations Manager 3.0.x versions antérieures 3.0.4
VMware	Tanzu	Isolation Segment versions 2.13.x antérieures à 2.13.12 avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Tanzu Application Service for VMs versions 2.11.x antérieures à 2.11.33 avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Isolation Segment versions 2.10.x avec Xenial Stemcells antérieures à 621.376
VMware	Tanzu	Isolation Segment versions 2.12.x antérieures à 2.12.17 avec Xenial Stemcells antérieures à 621.376

References

Title

Publication Time

Tags

Bulletin de sécurité VMware Spring USN-5768-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5788-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5775-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5770-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5766-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5762-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5767-2 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Spring USN-5767-1 du 11 mai 2023	None	vendor-advisory
Bulletin de sécurité VMware Tanzu USN-5788-1 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5767-1 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5770-1 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5767-2 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5775-1 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5766-1 du 11 mai 2023	-	other
Bulletin de sécurité VMware Tanzu USN-5768-1 du 11 mai 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 4.0.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.3.x ant\u00e9rieures \u00e0 4.3.5",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 4.0.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.8.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 5.0.x ant\u00e9rieures \u00e0 5.0.24",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 4.0.13",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.15 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.27 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.10.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.22 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.4.x ant\u00e9rieures \u00e0 4.4.31",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.9.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.8.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.9.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu RabbitMQ for VMs versions 2.2.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager 2.10.x versions ant\u00e9rieures 2.10.52",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager 3.0.x versions ant\u00e9rieures 3.0.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.12 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.33 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.10.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.17 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2022-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3591"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2022-41916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41916"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2017-11671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
    },
    {
      "name": "CVE-2022-2581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2581"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2016-10228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
    },
    {
      "name": "CVE-2022-38533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2017-12132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12132"
    }
  ],
  "initial_release_date": "2023-05-15T00:00:00",
  "last_revision_date": "2023-05-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5788-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5788-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5767-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5766-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5770-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5770-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5767-2 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5767-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5775-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5775-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5766-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5762-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5768-1 du 11 mai 2023",
      "url": "https://tanzu.vmware.com/security/usn-5768-1"
    }
  ],
  "reference": "CERTFR-2023-AVI-0385",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVMware Tanzu\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de\nservice \u00e0 distance et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5768-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5788-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5775-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5770-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5766-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5762-1 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5767-2 du 11 mai 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5767-1 du 11 mai 2023",
      "url": null
    }
  ]
}

CERTFR-2024-AVI-0067

Vulnerability from certfr_avis - Published: 2024-01-25 - Updated: 2024-01-25

De multiples vulnérabilités ont été découvertes dans les produits NetApp. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Management Services pour Element Software et NetApp HCI versions antérieures à 2.23.64
NetApp E-Series Performance Analyzer toutes versions
ONTAP Select Deploy administration utility versions antérieures à 9.13.1

L'éditeur précise que NetApp E-Series Performance Analyzer n'est plus supporté et ne bénificiera pas de correctif de sécurité.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité NetApp ntap-20230216-0008 du 24 février 2024	None	vendor-advisory
Bulletin de sécurité NetApp ntap-20230216-0008 du 24 février 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eManagement Services pour Element Software et NetApp HCI versions ant\u00e9rieures \u00e0 2.23.64\u003c/li\u003e \u003cli\u003eNetApp E-Series Performance Analyzer toutes versions\u003c/li\u003e \u003cli\u003eONTAP Select Deploy administration utility versions ant\u00e9rieures \u00e0 9.13.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur pr\u00e9cise que NetApp E-Series Performance Analyzer n\u0027est plus support\u00e9 et ne b\u00e9nificiera pas de correctif de s\u00e9curit\u00e9.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-3671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3671"
    },
    {
      "name": "CVE-2022-41916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41916"
    },
    {
      "name": "CVE-2022-3437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3437"
    },
    {
      "name": "CVE-2021-44758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44758"
    },
    {
      "name": "CVE-2022-44640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44640"
    },
    {
      "name": "CVE-2019-14870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14870"
    },
    {
      "name": "CVE-2022-42898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
    }
  ],
  "initial_release_date": "2024-01-25T00:00:00",
  "last_revision_date": "2024-01-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230216-0008 du 24 f\u00e9vrier 2024",
      "url": "https://security.netapp.com/advisory/ntap-20230216-0008/"
    }
  ],
  "reference": "CERTFR-2024-AVI-0067",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nNetApp. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NetApp ntap-20230216-0008 du 24 f\u00e9vrier 2024",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41916 (GCVE-0-2022-41916)

GSD-2022-41916

FKIE_CVE-2022-41916

CERTFR-2023-AVI-0385

Solution

CERTFR-2024-AVI-0067

Solution

Tags

Sightings

Nomenclature