Vulnerability details: VCID-q7sm-w668-aaaj
Vulnerability ID VCID-q7sm-w668-aaaj
Aliases CVE-2022-32213
GHSA-5689-v88g-g6rv
Summary The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json
epss 0.00845 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.01538 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.79485 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.80132 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.87989 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.89015 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
epss 0.89573 https://api.first.org/data/v1/epss?cve=CVE-2022-32213
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2105430
cvssv3.1 9.1 https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
generic_textual CRITICAL https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-5689-v88g-g6rv
cvssv3.1 9.1 https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
generic_textual CRITICAL https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
cvssv3.1 9.1 https://hackerone.com/reports/1524555
generic_textual CRITICAL https://hackerone.com/reports/1524555
cvssv3.1 9.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
cvssv3.1 9.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
cvssv3.1 9.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
generic_textual CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
cvssv3.1 9.1 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
generic_textual CRITICAL https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32213
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-32213
cvssv3.1 9.1 https://security.netapp.com/advisory/ntap-20220915-0001
generic_textual CRITICAL https://security.netapp.com/advisory/ntap-20220915-0001
cvssv3.1 9.1 https://www.debian.org/security/2023/dsa-5326
generic_textual CRITICAL https://www.debian.org/security/2023/dsa-5326
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json
https://api.first.org/data/v1/epss?cve=CVE-2022-32213
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32214
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
https://hackerone.com/reports/1524555
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
https://security.netapp.com/advisory/ntap-20220915-0001
https://www.debian.org/security/2023/dsa-5326
2105430 https://bugzilla.redhat.com/show_bug.cgi?id=2105430
977716 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977716
cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213
GHSA-5689-v88g-g6rv https://github.com/advisories/GHSA-5689-v88g-g6rv
GLSA-202405-29 https://security.gentoo.org/glsa/202405-29
RHSA-2022:6389 https://access.redhat.com/errata/RHSA-2022:6389
RHSA-2022:6448 https://access.redhat.com/errata/RHSA-2022:6448
RHSA-2022:6449 https://access.redhat.com/errata/RHSA-2022:6449
RHSA-2022:6595 https://access.redhat.com/errata/RHSA-2022:6595
RHSA-2022:6985 https://access.redhat.com/errata/RHSA-2022:6985
USN-6491-1 https://usn.ubuntu.com/6491-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32213.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/nodejs/llhttp/commit/18a4afc7ffb4e49dc9e2daebc50588199a6d1dbb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://hackerone.com/reports/1524555
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-32213
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20220915-0001
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://www.debian.org/security/2023/dsa-5326
Exploit Prediction Scoring System (EPSS)
Percentile 0.81931
EPSS Score 0.00845
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.