Vulnerability details: VCID-1s79-uech-aaak
Vulnerability ID VCID-1s79-uech-aaak
Aliases CVE-2022-41715
Summary Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41715.json
epss 0.00015 https://api.first.org/data/v1/epss?cve=CVE-2022-41715
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2022-41715
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-41715
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2022-41715
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2022-41715
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41715
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41715
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41715.json
https://api.first.org/data/v1/epss?cve=CVE-2022-41715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/439356
https://go.dev/issue/55949
https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THKJHFMX4DAZXJ5MFPN3BNHZDN7BW5RI/
https://pkg.go.dev/vuln/GO-2022-1039
2132872 https://bugzilla.redhat.com/show_bug.cgi?id=2132872
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-41715 https://nvd.nist.gov/vuln/detail/CVE-2022-41715
GLSA-202311-09 https://security.gentoo.org/glsa/202311-09
RHSA-2022:7399 https://access.redhat.com/errata/RHSA-2022:7399
RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535
RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781
RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264
RHSA-2023:0328 https://access.redhat.com/errata/RHSA-2023:0328
RHSA-2023:0445 https://access.redhat.com/errata/RHSA-2023:0445
RHSA-2023:0446 https://access.redhat.com/errata/RHSA-2023:0446
RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542
RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584
RHSA-2023:0631 https://access.redhat.com/errata/RHSA-2023:0631
RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
RHSA-2023:0708 https://access.redhat.com/errata/RHSA-2023:0708
RHSA-2023:0709 https://access.redhat.com/errata/RHSA-2023:0709
RHSA-2023:0727 https://access.redhat.com/errata/RHSA-2023:0727
RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042
RHSA-2023:1079 https://access.redhat.com/errata/RHSA-2023:1079
RHSA-2023:1174 https://access.redhat.com/errata/RHSA-2023:1174
RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:2167 https://access.redhat.com/errata/RHSA-2023:2167
RHSA-2023:2204 https://access.redhat.com/errata/RHSA-2023:2204
RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357
RHSA-2023:2592 https://access.redhat.com/errata/RHSA-2023:2592
RHSA-2023:2780 https://access.redhat.com/errata/RHSA-2023:2780
RHSA-2023:2784 https://access.redhat.com/errata/RHSA-2023:2784
RHSA-2023:2866 https://access.redhat.com/errata/RHSA-2023:2866
RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205
RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3664 https://access.redhat.com/errata/RHSA-2023:3664
RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
RHSA-2023:4003 https://access.redhat.com/errata/RHSA-2023:4003
RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121
RHSA-2024:2586 https://access.redhat.com/errata/RHSA-2024:2586
RHSA-2024:2944 https://access.redhat.com/errata/RHSA-2024:2944
RHSA-2024:2988 https://access.redhat.com/errata/RHSA-2024:2988
USN-6038-1 https://usn.ubuntu.com/6038-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41715.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41715
Exploit Prediction Scoring System (EPSS)
Percentile 0.01607
EPSS Score 0.00015
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.