7.8
CVE-2022-27239
- EPSS 0.56%
- Veröffentlicht 27.04.2022 14:15:09
- Zuletzt bearbeitet 21.11.2024 06:55:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Samba ≫ Cifs-utils Version < 6.15
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Suse ≫ Caas Platform Version4.0
Suse ≫ Enterprise Storage Version6.0
Suse ≫ Enterprise Storage Version7.0
Suse ≫ Linux Enterprise Point Of Service Version11.0 Updatesp3
Suse ≫ Linux Enterprise Storage Version7.1
Suse ≫ Manager Proxy Version4.1
Suse ≫ Manager Proxy Version4.2
Suse ≫ Manager Proxy Version4.3
Suse ≫ Manager Retail Branch Server Version4.1
Suse ≫ Manager Retail Branch Server Version4.2
Suse ≫ Manager Retail Branch Server Version4.3
Suse ≫ Manager Server Version4.1
Suse ≫ Manager Server Version4.2
Suse ≫ Manager Server Version4.3
Suse ≫ Openstack Cloud Version8.0
Suse ≫ Openstack Cloud Version9.0
Suse ≫ Openstack Cloud Crowbar Version8.0
Suse ≫ Openstack Cloud Crowbar Version9.0
Suse ≫ Linux Enterprise Desktop Version15 Updatesp3
Suse ≫ Linux Enterprise Desktop Version15 Updatesp4
Suse ≫ Linux Enterprise High Performance Computing Version12.0 Updatesp5 SwEdition-
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Update- SwEditionltss
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp1 SwEditionespos
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp2 SwEditionespos
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp2 SwEditionltss
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp3 SwEdition-
Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp4 SwEdition-
Suse ≫ Linux Enterprise Micro Version5.2 SwPlatform-
Suse ≫ Linux Enterprise Micro Version5.2 SwPlatformrancher
Suse ≫ Linux Enterprise Real Time Version15.0 Updatesp2
Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp4 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp2 SwEditionbusiness_critical_linux SwPlatform-
Suse ≫ Linux Enterprise Server Version12 Updatesp3 SwPlatformsap
Suse ≫ Linux Enterprise Server Version12 Updatesp3 SwEditionbusiness_critical_linux SwPlatform-
Suse ≫ Linux Enterprise Server Version12 Updatesp3 SwEditionespos
Suse ≫ Linux Enterprise Server Version12 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp4 SwEdition- SwPlatformsap
Suse ≫ Linux Enterprise Server Version12 Updatesp4 SwEditionespos
Suse ≫ Linux Enterprise Server Version12 Updatesp4 SwEditionltss
Suse ≫ Linux Enterprise Server Version12 Updatesp5 SwPlatformsap
Suse ≫ Linux Enterprise Server Version15 SwPlatformsap
Suse ≫ Linux Enterprise Server Version15 Update- SwEditionespos
Suse ≫ Linux Enterprise Server Version15 Update- SwEditionltss
Suse ≫ Linux Enterprise Server Version15 Updatesp1 SwEditionbusiness_critical_linux SwPlatform-
Suse ≫ Linux Enterprise Server Version15 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise Server Version15 Updatesp2 SwEditionbusiness_critical_linux SwPlatform-
Suse ≫ Linux Enterprise Server Version15 Updatesp2 SwEditionltss
Suse ≫ Linux Enterprise Server Version15 Updatesp3
Suse ≫ Linux Enterprise Server Version15 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version12 Updatesp5
Hp ≫ Helion Openstack Version8.0
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.427 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
https://bugzilla.samba.org/show_bug.cgi?id=15025
https://bugzilla.suse.com/show_bug.cgi?id=1197216
https://github.com/piastry/cifs-utils/pull/7
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
https://security.gentoo.org/glsa/202311-05
https://www.debian.org/security/2022/dsa-5157