Lucene search
AmazonALAS-2023-1692HistoryFeb 17, 2023 - 12:02 a.m.
Important: libconfuse
2023-02-1700:02:00
alas.aws.amazon.com
12
libconfuse
buffer over-read
update
cve-2022-40320
red hat
mitre
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.9%
Issue Overview:
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320)
Affected Packages:
libconfuse
Issue Correction:
Run yum update libconfuse to update your system.
New Packages:
i686:
libconfuse-2.7-4.4.amzn1.i686
libconfuse-debuginfo-2.7-4.4.amzn1.i686
libconfuse-devel-2.7-4.4.amzn1.i686
src:
libconfuse-2.7-4.4.amzn1.src
x86_64:
libconfuse-devel-2.7-4.4.amzn1.x86_64
libconfuse-debuginfo-2.7-4.4.amzn1.x86_64
libconfuse-2.7-4.4.amzn1.x86_64
Additional References
Red Hat: CVE-2022-40320
Mitre: CVE-2022-40320
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | libconfuse | < 2.7-4.4.amzn1 | libconfuse-2.7-4.4.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libconfuse-debuginfo | < 2.7-4.4.amzn1 | libconfuse-debuginfo-2.7-4.4.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libconfuse-devel | < 2.7-4.4.amzn1 | libconfuse-devel-2.7-4.4.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | libconfuse-devel | < 2.7-4.4.amzn1 | libconfuse-devel-2.7-4.4.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libconfuse-debuginfo | < 2.7-4.4.amzn1 | libconfuse-debuginfo-2.7-4.4.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libconfuse | < 2.7-4.4.amzn1 | libconfuse-2.7-4.4.amzn1.x86_64.rpm |
Related
openvas
openvas
Fedora: Security Advisory for libconfuse (FEDORA-2022-de992c68d0)
2022-09-23 00:00:00
Fedora: Security Advisory for libconfuse (FEDORA-2022-9b67d67195)
2022-09-23 00:00:00
Mageia: Security Advisory (MGASA-2022-0387)
2022-10-24 00:00:00
nessus
nessus
Amazon Linux AMI : libconfuse (ALAS-2023-1692)
2023-02-23 00:00:00
SUSE SLES15 Security Update : libconfuse0 (SUSE-SU-2022:3807-1)
2022-10-31 00:00:00
SUSE SLES12 Security Update : libconfuse0 (SUSE-SU-2022:3331-1)
2022-09-22 00:00:00
suse
suse
Security update for libconfuse0 (important)
2022-10-28 00:00:00
redos
redos
ROS-20220914-01
2022-09-14 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2024-03-19 17:21:46
CVE-2022-40320 affecting package libconfuse for versions less than 3.3-2
2023-01-03 20:57:17
CVE-2022-40320 affecting package libconfuse 3.3-1
2023-03-02 04:18:32
debiancve
debiancve
CVE-2022-40320
2022-09-09 21:15:08
cve
cve
CVE-2022-40320
2022-09-09 21:15:08
prion
prion
Heap overflow
2022-09-09 21:15:00
fedora
fedora
[SECURITY] Fedora 35 Update: libconfuse-3.3-7.fc35
2022-09-21 01:22:35
[SECURITY] Fedora 37 Update: libconfuse-3.3-7.fc37
2022-09-16 00:18:43
[SECURITY] Fedora 36 Update: libconfuse-3.3-7.fc36
2022-09-21 01:13:17
cvelist
cvelist
CVE-2022-40320
2022-09-09 20:38:22
ubuntucve
ubuntucve
CVE-2022-40320
2022-09-09 00:00:00
mageia
mageia
Updated libconfuse packages fix security vulnerability
2022-10-24 01:48:35
osv
osv
CVE-2022-40320
2022-09-09 21:15:08
veracode
veracode
Denial Of Service (DoS)
2022-09-13 07:44:11
nvd
nvd
CVE-2022-40320
2022-09-09 21:15:08
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.9%
Related for ALAS-2023-1692