VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ecqy-84aj-5kfp

Essentials
Severities (22)
References (26)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ecqy-84aj-5kfp
Aliases	CVE-2022-40152 GHSA-3f7h-mf4q-vrm4
Summary
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-121	Stack-based Buffer Overflow
CWE-787	Out-of-bounds Write
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
epss	0.00803	https://api.first.org/data/v1/epss?cve=CVE-2022-40152
epss	0.00803	https://api.first.org/data/v1/epss?cve=CVE-2022-40152
epss	0.00803	https://api.first.org/data/v1/epss?cve=CVE-2022-40152
cvssv3.1	6.5	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
generic_textual	MODERATE	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
ssvc	Track	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
cvssv3.1	6.5	https://github.com/FasterXML/woodstox
generic_textual	MODERATE	https://github.com/FasterXML/woodstox
cvssv3.1	6.5	https://github.com/FasterXML/woodstox/issues/157
generic_textual	MODERATE	https://github.com/FasterXML/woodstox/issues/157
cvssv3.1	6.5	https://github.com/FasterXML/woodstox/issues/160
generic_textual	MODERATE	https://github.com/FasterXML/woodstox/issues/160
cvssv3.1	6.5	https://github.com/FasterXML/woodstox/pull/159
generic_textual	MODERATE	https://github.com/FasterXML/woodstox/pull/159
cvssv3.1	6.5	https://github.com/x-stream/xstream/issues/304
generic_textual	MODERATE	https://github.com/x-stream/xstream/issues/304
ssvc	Track	https://github.com/x-stream/xstream/issues/304
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-40152
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2022-40152

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-40152
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40152
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/FasterXML/woodstox
		https://github.com/FasterXML/woodstox/issues/157
		https://github.com/FasterXML/woodstox/issues/160
		https://github.com/FasterXML/woodstox/pull/159
1032089		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032089
2134291		https://bugzilla.redhat.com/show_bug.cgi?id=2134291
304		https://github.com/x-stream/xstream/issues/304
CVE-2022-40152		https://nvd.nist.gov/vuln/detail/CVE-2022-40152
detail?id=47434		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434
GHSA-3f7h-mf4q-vrm4		https://github.com/advisories/GHSA-3f7h-mf4q-vrm4
RHSA-2023:0469		https://access.redhat.com/errata/RHSA-2023:0469
RHSA-2023:0552		https://access.redhat.com/errata/RHSA-2023:0552
RHSA-2023:0553		https://access.redhat.com/errata/RHSA-2023:0553
RHSA-2023:0554		https://access.redhat.com/errata/RHSA-2023:0554
RHSA-2023:0556		https://access.redhat.com/errata/RHSA-2023:0556
RHSA-2023:2100		https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:3299		https://access.redhat.com/errata/RHSA-2023:3299
RHSA-2023:3641		https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2023:3815		https://access.redhat.com/errata/RHSA-2023:3815
RHSA-2023:4983		https://access.redhat.com/errata/RHSA-2023:4983
RHSA-2025:4226		https://access.redhat.com/errata/RHSA-2025:4226
RHSA-2025:4437		https://access.redhat.com/errata/RHSA-2025:4437

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40152.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/ Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/woodstox

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/woodstox/issues/157

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/woodstox/issues/160

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/woodstox/pull/159

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/x-stream/xstream/issues/304

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:39:21Z/ Found at https://github.com/x-stream/xstream/issues/304

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-40152

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.7454
EPSS Score	0.00803
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:09:01.954651+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0