Vulnerability details: VCID-kpnh-gadr-aaae
Vulnerability ID VCID-kpnh-gadr-aaae
Aliases CVE-2022-41862
Summary In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
Status Published
Exploitability 0.5
Weighted Severity 3.8
Risk 1.9
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41862.json
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2022-41862
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2022-41862
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2022-41862
epss 0.00186 https://api.first.org/data/v1/epss?cve=CVE-2022-41862
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2022-41862
cvssv3.1 3.7 https://bugzilla.redhat.com/show_bug.cgi?id=2165722
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2165722
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-41862
cvssv3.1 3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-41862
cvssv3.1 3.7 https://security.netapp.com/advisory/ntap-20230427-0002/
ssvc Track https://security.netapp.com/advisory/ntap-20230427-0002/
cvssv3 3.7 https://www.postgresql.org/support/security/CVE-2022-41862/
cvssv3.1 3.7 https://www.postgresql.org/support/security/CVE-2022-41862/
ssvc Track https://www.postgresql.org/support/security/CVE-2022-41862/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41862.json
https://api.first.org/data/v1/epss?cve=CVE-2022-41862
https://bugzilla.redhat.com/show_bug.cgi?id=2165722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41862
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20230427-0002/
https://www.postgresql.org/about/news/postgresql-152-147-1310-1214-and-1119-released-2592/
https://www.postgresql.org/support/security/CVE-2022-41862/
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862
RHSA-2023:1576 https://access.redhat.com/errata/RHSA-2023:1576
RHSA-2023:1693 https://access.redhat.com/errata/RHSA-2023:1693
RHSA-2023:4535 https://access.redhat.com/errata/RHSA-2023:4535
RHSA-2023:6429 https://access.redhat.com/errata/RHSA-2023:6429
RHSA-2023:7016 https://access.redhat.com/errata/RHSA-2023:7016
USN-5906-1 https://usn.ubuntu.com/5906-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41862.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2165722
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T16:02:06Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2165722

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41862
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20230427-0002/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T16:02:06Z/ Found at https://security.netapp.com/advisory/ntap-20230427-0002/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.postgresql.org/support/security/CVE-2022-41862/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-07T16:02:06Z/ Found at https://www.postgresql.org/support/security/CVE-2022-41862/

Exploit Prediction Scoring System (EPSS)
Percentile 0.30008
EPSS Score 0.00064
Published At Dec. 19, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.