Search for vulnerabilities
Vulnerability details: VCID-r2jk-zuzp-rfek
Vulnerability ID VCID-r2jk-zuzp-rfek
Aliases CVE-2022-2509
GNUTLS-SA-2022-07-07
Summary A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-415 Double Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
https://access.redhat.com/security/cve/CVE-2022-2509
https://api.first.org/data/v1/epss?cve=CVE-2022-2509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
https://www.debian.org/security/2022/dsa-5203
2108977 https://bugzilla.redhat.com/show_bug.cgi?id=2108977
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2022-2509 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
RHSA-2022:6854 https://access.redhat.com/errata/RHSA-2022:6854
RHSA-2022:7105 https://access.redhat.com/errata/RHSA-2022:7105
USN-5550-1 https://usn.ubuntu.com/5550-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2509
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.66643
EPSS Score 0.00541
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:50.834973+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/5550-1/ 37.0.0