VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-m3e1-5tfw-uyhv

Essentials
Severities (11)
References (26)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-m3e1-5tfw-uyhv
Aliases	CVE-2022-21618
Summary	Multiple vulnerabilities have been found in IcedTea, the worst of which could result in arbitrary code execution.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21618.json
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
epss	0.00292	https://api.first.org/data/v1/epss?cve=CVE-2022-21618
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21618.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-21618
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21618
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21619
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21624
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21628
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39399
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21835
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21843
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2133817		https://bugzilla.redhat.com/show_bug.cgi?id=2133817
GLSA-202409-26		https://security.gentoo.org/glsa/202409-26
RHSA-2022:6999		https://access.redhat.com/errata/RHSA-2022:6999
RHSA-2022:7000		https://access.redhat.com/errata/RHSA-2022:7000
RHSA-2022:7001		https://access.redhat.com/errata/RHSA-2022:7001
RHSA-2022:7008		https://access.redhat.com/errata/RHSA-2022:7008
RHSA-2022:7009		https://access.redhat.com/errata/RHSA-2022:7009
RHSA-2022:7010		https://access.redhat.com/errata/RHSA-2022:7010
RHSA-2022:7011		https://access.redhat.com/errata/RHSA-2022:7011
RHSA-2022:7012		https://access.redhat.com/errata/RHSA-2022:7012
RHSA-2022:7013		https://access.redhat.com/errata/RHSA-2022:7013
RHSA-2022:7051		https://access.redhat.com/errata/RHSA-2022:7051
RHSA-2022:7052		https://access.redhat.com/errata/RHSA-2022:7052
RHSA-2022:7053		https://access.redhat.com/errata/RHSA-2022:7053
RHSA-2022:7054		https://access.redhat.com/errata/RHSA-2022:7054
USN-5719-1		https://usn.ubuntu.com/5719-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21618.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.52551
EPSS Score	0.00292
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:00:40.964644+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202409-26	38.0.0