Vulnerability details: VCID-gufu-nks1-aaag
Vulnerability ID VCID-gufu-nks1-aaag
Aliases CVE-2022-2309
GHSA-wrxv-2j5q-m38w
PYSEC-2022-230
Summary NULL Pointer Dereference in lxml
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.00434 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.00481 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.00513 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.00530 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
epss 0.01664 https://api.first.org/data/v1/epss?cve=CVE-2022-2309
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2107571
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://github.com/advisories/GHSA-wrxv-2j5q-m38w
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-wrxv-2j5q-m38w
generic_textual MODERATE https://github.com/advisories/GHSA-wrxv-2j5q-m38w
cvssv3.1 5.3 https://github.com/lxml/lxml
generic_textual MODERATE https://github.com/lxml/lxml
cvssv3.1 5.3 https://github.com/lxml/lxml/blob/master/CHANGES.txt
generic_textual MODERATE https://github.com/lxml/lxml/blob/master/CHANGES.txt
cvssv3.1 5.3 https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
generic_textual MODERATE https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
cvssv3.1 5.3 https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml
cvssv3.1 5.3 https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
generic_textual MODERATE https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
cvssv3.1 5.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ
cvssv3.1 5.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-2309
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2309
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2309
cvssv3.1 5.3 https://security.gentoo.org/glsa/202208-06
generic_textual MODERATE https://security.gentoo.org/glsa/202208-06
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20220915-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20220915-0006
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json
https://api.first.org/data/v1/epss?cve=CVE-2022-2309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/advisories/GHSA-wrxv-2j5q-m38w
https://github.com/lxml/lxml
https://github.com/lxml/lxml/blob/master/CHANGES.txt
https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml
https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/
https://security.gentoo.org/glsa/202208-06
https://security.netapp.com/advisory/ntap-20220915-0006
https://security.netapp.com/advisory/ntap-20220915-0006/
1014766 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766
2107571 https://bugzilla.redhat.com/show_bug.cgi?id=2107571
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-2309 https://nvd.nist.gov/vuln/detail/CVE-2022-2309
RHSA-2022:8226 https://access.redhat.com/errata/RHSA-2022:8226
USN-5760-1 https://usn.ubuntu.com/5760-1/
USN-6028-2 https://usn.ubuntu.com/6028-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/advisories/GHSA-wrxv-2j5q-m38w
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/lxml/lxml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/lxml/lxml/blob/master/CHANGES.txt
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2309
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2309
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202208-06
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220915-0006
Exploit Prediction Scoring System (EPSS)
Percentile 0.60377
EPSS Score 0.00414
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.