HIGH🇬🇧 English

CVE-2022-4254

CVSS 8.8v3.1pub. 2023-02-01upd. 2025-03-27

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Fedora Project Sssd

    APP
    Fedoraproject
    1.15.3 – 2.3.1 (bez)
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux For Power Big Endian

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux For Scientific Computing

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    7.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    8.2
  • Red Hat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

    OS
    Redhat
    8.18.2
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    8.2
  • Red Hat Enterprise Linux Server Update Services For Sap Solutions

    OS
    Redhat
    8.1
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...