CVE-2022-28652

2024-06-0422:15:09

CWE-776

canonical

web.nvd.nist.gov

174

nvd

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

JSON

~/.config/apport/settings parsing is vulnerable to “billion laughs” attack

Affected configurations

Nvd

Node

apport_projectapportRange<2.21.0

Node

canonicalubuntu_linuxMatch18.04esm

canonicalubuntu_linuxMatch20.04lts

canonicalubuntu_linuxMatch21.10

canonicalubuntu_linuxMatch22.04lts

VendorProductVersionCPE
apport_projectapport*cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
canonicalubuntu_linux21.10cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
canonicalubuntu_linux22.04cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
apport_project	apport	*	cpe:2.3:a:apport_project:apport::::::::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
canonical	ubuntu_linux	20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
canonical	ubuntu_linux	21.10	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*
canonical	ubuntu_linux	22.04	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::

CNA Affected

[
  {
    "packageName": "apport",
    "product": "Apport",
    "vendor": "Canonical Ltd.",
    "repo": "https://github.com/canonical/apport",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "2.21.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]