CVE-2022-2663

Exploit

EPSS 0.16%
Veröffentlicht 01.09.2022 21:15:09
Zuletzt bearbeitet 21.11.2024 07:01:28
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version-

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.369

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5257

Third Party Advisory

https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663

Third Party Advisory

Exploit

https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/