Search for vulnerabilities
Vulnerability details: VCID-xpj4-ak9e-aaas
Vulnerability ID VCID-xpj4-ak9e-aaas
Aliases CVE-2022-2509
GNUTLS-SA-2022-07-07
Summary CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-415 Double Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0056 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
epss 0.0221 https://api.first.org/data/v1/epss?cve=CVE-2022-2509
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2108977
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
https://access.redhat.com/security/cve/CVE-2022-2509
https://api.first.org/data/v1/epss?cve=CVE-2022-2509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/
https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
https://www.debian.org/security/2022/dsa-5203
2108977 https://bugzilla.redhat.com/show_bug.cgi?id=2108977
cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
CVE-2022-2509 https://nvd.nist.gov/vuln/detail/CVE-2022-2509
RHSA-2022:6854 https://access.redhat.com/errata/RHSA-2022:6854
RHSA-2022:7105 https://access.redhat.com/errata/RHSA-2022:7105
USN-5550-1 https://usn.ubuntu.com/5550-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2509
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2509
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.56244
EPSS Score 0.00182
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.