CVE-2022-4254
CVSS V2 None
CVSS V3 None
Description
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Overview
- CVE ID
- CVE-2022-4254
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-01T17:15:09
- Last Modified Date
- 2023-02-09T13:41:12
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:* | 1 | OR | 1.15.3 | 2.3.1 |
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2022-4254 | Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2149894 | Exploit Issue Tracking Patch Third Party Advisory |
| https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274 | Patch Third Party Advisory |
| https://github.com/SSSD/sssd/issues/5135 | Exploit Issue Tracking Patch Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-4254 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4254 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:04:26 | Added to TrackCVE | |||
| 2023-04-17 07:04:29 | Weakness Enumeration | new |