Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4yvm-d9qr-ebaw
Vulnerability ID VCID-4yvm-d9qr-ebaw
Aliases CVE-2022-1097
Summary Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1097.json
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2022-1097
cvssv3.1 6.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2711
archlinux High https://security.archlinux.org/AVG-2712
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-13
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-14
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-15
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2022-13/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-13/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2022-14/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-14/
cvssv3.1 6.5 https://www.mozilla.org/security/advisories/mfsa2022-15/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2022-15/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1097.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28289
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2072559 https://bugzilla.redhat.com/show_bug.cgi?id=2072559
AVG-2711 https://security.archlinux.org/AVG-2711
AVG-2712 https://security.archlinux.org/AVG-2712
GLSA-202212-05 https://security.gentoo.org/glsa/202212-05
mfsa2022-13 https://www.mozilla.org/en-US/security/advisories/mfsa2022-13
mfsa2022-13 https://www.mozilla.org/security/advisories/mfsa2022-13/
mfsa2022-14 https://www.mozilla.org/en-US/security/advisories/mfsa2022-14
mfsa2022-14 https://www.mozilla.org/security/advisories/mfsa2022-14/
mfsa2022-15 https://www.mozilla.org/en-US/security/advisories/mfsa2022-15
mfsa2022-15 https://www.mozilla.org/security/advisories/mfsa2022-15/
RHSA-2022:1283 https://access.redhat.com/errata/RHSA-2022:1283
RHSA-2022:1284 https://access.redhat.com/errata/RHSA-2022:1284
RHSA-2022:1285 https://access.redhat.com/errata/RHSA-2022:1285
RHSA-2022:1286 https://access.redhat.com/errata/RHSA-2022:1286
RHSA-2022:1287 https://access.redhat.com/errata/RHSA-2022:1287
RHSA-2022:1301 https://access.redhat.com/errata/RHSA-2022:1301
RHSA-2022:1302 https://access.redhat.com/errata/RHSA-2022:1302
RHSA-2022:1303 https://access.redhat.com/errata/RHSA-2022:1303
RHSA-2022:1305 https://access.redhat.com/errata/RHSA-2022:1305
RHSA-2022:1326 https://access.redhat.com/errata/RHSA-2022:1326
show_bug.cgi?id=1745667 https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
USN-5370-1 https://usn.ubuntu.com/5370-1/
USN-5393-1 https://usn.ubuntu.com/5393-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1097.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:07Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1745667
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-13/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:07Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-13/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-14/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:07Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-14/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.mozilla.org/security/advisories/mfsa2022-15/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:30:07Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-15/
Exploit Prediction Scoring System (EPSS)
Percentile 0.48964
EPSS Score 0.00256
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:22.250031+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202212-05 38.0.0