VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-gkg1-z48a-aaaf

Essentials
Severities (117)
References (59)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-gkg1-z48a-aaaf
Aliases	CVE-2022-40674
Summary	libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json
epss	0.00464	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00464	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00477	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00477	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00477	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00504	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00504	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00504	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00518	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00518	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.0054	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.0054	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.0054	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.0054	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.0054	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00562	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00586	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00796	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00796	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.00796	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.01126	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.01126	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.01126	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.01126	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
epss	0.02397	https://api.first.org/data/v1/epss?cve=CVE-2022-40674
cvssv3.1	8.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.1	https://github.com/libexpat/libexpat/pull/629
ssvc	Track	https://github.com/libexpat/libexpat/pull/629
cvssv3.1	8.1	https://github.com/libexpat/libexpat/pull/640
ssvc	Track	https://github.com/libexpat/libexpat/pull/640
cvssv3.1	8.1	https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-40674
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-40674
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2022-40674
archlinux	Unknown	https://security.archlinux.org/AVG-2815
cvssv3.1	8.1	https://security.gentoo.org/glsa/202209-24
ssvc	Track	https://security.gentoo.org/glsa/202209-24
cvssv3.1	8.1	https://security.gentoo.org/glsa/202211-06
ssvc	Track	https://security.gentoo.org/glsa/202211-06
cvssv3.1	8.1	https://security.netapp.com/advisory/ntap-20221028-0008/
ssvc	Track	https://security.netapp.com/advisory/ntap-20221028-0008/
cvssv3.1	8.1	https://www.debian.org/security/2022/dsa-5236
ssvc	Track	https://www.debian.org/security/2022/dsa-5236
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-47

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-40674
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/libexpat/libexpat/pull/629
		https://github.com/libexpat/libexpat/pull/640
		https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
		https://security.gentoo.org/glsa/202209-24
		https://security.gentoo.org/glsa/202211-06
		https://security.netapp.com/advisory/ntap-20221028-0008/
		https://www.debian.org/security/2022/dsa-5236
1019761		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761
2130769		https://bugzilla.redhat.com/show_bug.cgi?id=2130769
AVG-2815		https://security.archlinux.org/AVG-2815
cpe:2.3:a:libexpat_project:libexpat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
CVE-2022-40674		https://nvd.nist.gov/vuln/detail/CVE-2022-40674
mfsa2022-47		https://www.mozilla.org/en-US/security/advisories/mfsa2022-47
RHSA-2022:6831		https://access.redhat.com/errata/RHSA-2022:6831
RHSA-2022:6832		https://access.redhat.com/errata/RHSA-2022:6832
RHSA-2022:6833		https://access.redhat.com/errata/RHSA-2022:6833
RHSA-2022:6834		https://access.redhat.com/errata/RHSA-2022:6834
RHSA-2022:6838		https://access.redhat.com/errata/RHSA-2022:6838
RHSA-2022:6878		https://access.redhat.com/errata/RHSA-2022:6878
RHSA-2022:6921		https://access.redhat.com/errata/RHSA-2022:6921
RHSA-2022:6967		https://access.redhat.com/errata/RHSA-2022:6967
RHSA-2022:6995		https://access.redhat.com/errata/RHSA-2022:6995
RHSA-2022:6996		https://access.redhat.com/errata/RHSA-2022:6996
RHSA-2022:6997		https://access.redhat.com/errata/RHSA-2022:6997
RHSA-2022:6998		https://access.redhat.com/errata/RHSA-2022:6998
RHSA-2022:7019		https://access.redhat.com/errata/RHSA-2022:7019
RHSA-2022:7020		https://access.redhat.com/errata/RHSA-2022:7020
RHSA-2022:7021		https://access.redhat.com/errata/RHSA-2022:7021
RHSA-2022:7022		https://access.redhat.com/errata/RHSA-2022:7022
RHSA-2022:7023		https://access.redhat.com/errata/RHSA-2022:7023
RHSA-2022:7024		https://access.redhat.com/errata/RHSA-2022:7024
RHSA-2022:7025		https://access.redhat.com/errata/RHSA-2022:7025
RHSA-2022:7026		https://access.redhat.com/errata/RHSA-2022:7026
RHSA-2022:8598		https://access.redhat.com/errata/RHSA-2022:8598
RHSA-2022:8841		https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:3068		https://access.redhat.com/errata/RHSA-2023:3068
USN-5638-1		https://usn.ubuntu.com/5638-1/
USN-5638-2		https://usn.ubuntu.com/5638-2/
USN-5638-4		https://usn.ubuntu.com/5638-4/
USN-5726-1		https://usn.ubuntu.com/5726-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/libexpat/libexpat/pull/629

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://github.com/libexpat/libexpat/pull/629

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/libexpat/libexpat/pull/640

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://github.com/libexpat/libexpat/pull/640

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202209-24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://security.gentoo.org/glsa/202209-24

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202211-06

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://security.gentoo.org/glsa/202211-06

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20221028-0008/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://security.netapp.com/advisory/ntap-20221028-0008/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5236

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/ Found at https://www.debian.org/security/2022/dsa-5236

Exploit Prediction Scoring System (EPSS)

Percentile	0.63129
EPSS Score	0.00464
Published At	May 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.