VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2esh-sm4z-aaag

Essentials
Severities (121)
References (49)
Severity details (34)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-2esh-sm4z-aaag
Aliases	CVE-2022-43680
Summary	In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00244	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00251	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.00414	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.01064	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.01064	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.01064	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.01064	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
epss	0.02132	https://api.first.org/data/v1/epss?cve=CVE-2022-43680
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/libexpat/libexpat/issues/649
ssvc	Track	https://github.com/libexpat/libexpat/issues/649
cvssv3.1	7.5	https://github.com/libexpat/libexpat/pull/616
ssvc	Track	https://github.com/libexpat/libexpat/pull/616
cvssv3.1	7.5	https://github.com/libexpat/libexpat/pull/650
ssvc	Track	https://github.com/libexpat/libexpat/pull/650
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-43680
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-43680
cvssv3.1	7.5	https://security.gentoo.org/glsa/202210-38
ssvc	Track	https://security.gentoo.org/glsa/202210-38
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20221118-0007/
ssvc	Track	https://security.netapp.com/advisory/ntap-20221118-0007/
cvssv3.1	7.5	https://www.debian.org/security/2022/dsa-5266
ssvc	Track	https://www.debian.org/security/2022/dsa-5266
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2023/12/28/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/12/28/5
cvssv3.1	7.5	http://www.openwall.com/lists/oss-security/2024/01/03/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2024/01/03/5

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-43680
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/libexpat/libexpat/issues/649
		https://github.com/libexpat/libexpat/pull/616
		https://github.com/libexpat/libexpat/pull/650
		https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
		https://security.gentoo.org/glsa/202210-38
		https://security.netapp.com/advisory/ntap-20221118-0007/
		https://www.debian.org/security/2022/dsa-5266
		http://www.openwall.com/lists/oss-security/2023/12/28/5
		http://www.openwall.com/lists/oss-security/2024/01/03/5
1022743		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022743
2140059		https://bugzilla.redhat.com/show_bug.cgi?id=2140059
cpe:2.3:a:libexpat_project:libexpat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat::::::::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
CVE-2022-43680		https://nvd.nist.gov/vuln/detail/CVE-2022-43680
RHSA-2022:8548		https://access.redhat.com/errata/RHSA-2022:8548
RHSA-2022:8549		https://access.redhat.com/errata/RHSA-2022:8549
RHSA-2022:8550		https://access.redhat.com/errata/RHSA-2022:8550
RHSA-2022:8553		https://access.redhat.com/errata/RHSA-2022:8553
RHSA-2022:8554		https://access.redhat.com/errata/RHSA-2022:8554
RHSA-2023:0103		https://access.redhat.com/errata/RHSA-2023:0103
RHSA-2023:0337		https://access.redhat.com/errata/RHSA-2023:0337
RHSA-2023:3355		https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2024:0421		https://access.redhat.com/errata/RHSA-2024:0421
USN-5638-2		https://usn.ubuntu.com/5638-2/
USN-5638-3		https://usn.ubuntu.com/5638-3/
USN-5638-4		https://usn.ubuntu.com/5638-4/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43680.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/libexpat/libexpat/issues/649

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://github.com/libexpat/libexpat/issues/649

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/libexpat/libexpat/pull/616

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://github.com/libexpat/libexpat/pull/616

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/libexpat/libexpat/pull/650

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://github.com/libexpat/libexpat/pull/650

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-43680

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-43680

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-38

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://security.gentoo.org/glsa/202210-38

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20221118-0007/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://security.netapp.com/advisory/ntap-20221118-0007/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5266

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at https://www.debian.org/security/2022/dsa-5266

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2023/12/28/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at http://www.openwall.com/lists/oss-security/2023/12/28/5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/03/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:19:46Z/ Found at http://www.openwall.com/lists/oss-security/2024/01/03/5

Exploit Prediction Scoring System (EPSS)

Percentile	0.42385
EPSS Score	0.00225
Published At	April 13, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.