VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5g2v-sxrc-aaaf

Essentials
Severities (124)
References (37)
Severity details (33)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-5g2v-sxrc-aaaf
Aliases	CVE-2022-24836 GHSA-crjr-9rc5-ghw8
Summary	Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1333	Inefficient Regular Expression Complexity
CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00588	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00798	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00909	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.00976	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01055	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01084	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01557	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01689	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
epss	0.01689	https://api.first.org/data/v1/epss?cve=CVE-2022-24836
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2074346
cvssv3.1	8.2	http://seclists.org/fulldisclosure/2022/Dec/23
generic_textual	HIGH	http://seclists.org/fulldisclosure/2022/Dec/23
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-crjr-9rc5-ghw8
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri
cvssv3.1	7.5	https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
cvssv3.1	7.5	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
cvssv3	7.5	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
cvssv3.1	7.5	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
cvssv3.1_qr	HIGH	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
cvssv3.1	7.5	https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
generic_textual	HIGH	https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2022-24836
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-24836
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-24836
cvssv3.1	8.2	https://security.gentoo.org/glsa/202208-29
generic_textual	HIGH	https://security.gentoo.org/glsa/202208-29
cvssv3.1	8.2	https://support.apple.com/kb/HT213532
generic_textual	HIGH	https://support.apple.com/kb/HT213532

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-24836
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
		http://seclists.org/fulldisclosure/2022/Dec/23
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/sparklemotion/nokogiri
		https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
		https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
		https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
		https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
		https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
		https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
		https://lists.debian.org/debian-lts-announce/2024/09/msg00010.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
		https://security.gentoo.org/glsa/202208-29
		https://support.apple.com/kb/HT213532
1009787		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
2074346		https://bugzilla.redhat.com/show_bug.cgi?id=2074346
cpe:2.3:a:nokogiri:nokogiri::::::ruby::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri::::::ruby::*
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
CVE-2022-24836		https://nvd.nist.gov/vuln/detail/CVE-2022-24836
CVE-2022-24836.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
GHSA-crjr-9rc5-ghw8		https://github.com/advisories/GHSA-crjr-9rc5-ghw8
RHSA-2022:8506		https://access.redhat.com/errata/RHSA-2022:8506

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24836

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24836

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24836

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://security.gentoo.org/glsa/202208-29

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://support.apple.com/kb/HT213532

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.66611
EPSS Score	0.00588
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.