VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-xydq-jftc-aaak

Essentials
Severities (116)
References (42)
Severity details (26)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-xydq-jftc-aaak
Aliases	CVE-2022-23267 GHSA-485p-mrj5-8w2v
Summary	CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-770	Allocation of Resources Without Limits or Throttling

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2194
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2195
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2196
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2199
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2200
rhas	Important	https://access.redhat.com/errata/RHSA-2022:2202
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4588
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00080	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00080	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00080	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00202	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.00240	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02044	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.0238	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.02444	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
epss	0.07636	https://api.first.org/data/v1/epss?cve=CVE-2022-23267
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2083650
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-485p-mrj5-8w2v
cvssv3.1	7.5	https://github.com/dotnet/announcements/issues/221
generic_textual	HIGH	https://github.com/dotnet/announcements/issues/221
cvssv3.1	7.5	https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v
cvssv3.1_qr	HIGH	https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v
generic_textual	HIGH	https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
cvssv3.1	7.5	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267
generic_textual	HIGH	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2022-23267
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-23267
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-23267
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-23267

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-23267
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/dotnet/announcements/issues/221
		https://github.com/PowerShell/Announcements/issues/32
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/
		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267
2083650		https://bugzilla.redhat.com/show_bug.cgi?id=2083650
cpe:2.3:a:microsoft:.net:5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:5.0:::::::*
cpe:2.3:a:microsoft:.net:6.0.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:6.0.0:-::::::
cpe:2.3:a:microsoft:.net_core:3.1:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:3.1:-::::::
cpe:2.3:a:microsoft:powershell::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell::::::::
cpe:2.3:a:microsoft:powershell:7.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:7.0:-::::::
cpe:2.3:a:microsoft:powershell:7.2:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:7.2:-::::::
cpe:2.3:a:microsoft:visual_studio_2019::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019::::::::
cpe:2.3:a:microsoft:visual_studio_2022:17.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:17.0:::::::*
cpe:2.3:a:microsoft:visual_studio_2022:17.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:17.1:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
cpe:2.3:o:fedoraproject:fedora:35:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
CVE-2022-23267		https://nvd.nist.gov/vuln/detail/CVE-2022-23267
CVE-2022-23267		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267
GHSA-485p-mrj5-8w2v		https://github.com/advisories/GHSA-485p-mrj5-8w2v
GHSA-485p-mrj5-8w2v		https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v
RHSA-2022:2194		https://access.redhat.com/errata/RHSA-2022:2194
RHSA-2022:2195		https://access.redhat.com/errata/RHSA-2022:2195
RHSA-2022:2196		https://access.redhat.com/errata/RHSA-2022:2196
RHSA-2022:2199		https://access.redhat.com/errata/RHSA-2022:2199
RHSA-2022:2200		https://access.redhat.com/errata/RHSA-2022:2200
RHSA-2022:2202		https://access.redhat.com/errata/RHSA-2022:2202
RHSA-2022:4588		https://access.redhat.com/errata/RHSA-2022:4588

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/announcements/issues/221

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23267

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.31876
EPSS Score	0.00067
Published At	Jan. 16, 2025, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.