29 matches found
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable...
CVE-2026-22217
OpenClaw Open source npm package openclaw has a CVE-2026-22217 vulnerability: versions 2026.2.22 and earlier allow arbitrary code execution via the shell-env trusted-prefix fallback for the $SHELL variable. An attacker can influence a writable trusted-prefix directory (e.g., /opt/homebrew/bin) to...
CVE-2026-22217
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...
Siemens Ruggedcom ROX Buffer Over-read (CVE-2020-22217)
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Advisory ROSA-SA-2025-3106
Software: c-ares 1.13.0
OS: ROSA Virtualization 2.1
packageevrstring: c-ares-1.13.0-11.rv3
CVE-ID: CVE-2020-22217
BDU-ID: 2023-05898
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the ares_parse_soa_reply function of the C-ares asynchronous DNS query library is related to an operation exceeding...
CVE-2024-22217
A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on...
Azure Linux 3.0 Security Update: grpc / python-gevent (CVE-2020-22217)
The version of grpc / python-gevent installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-22217 advisory. - Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply i...
CVE-2020-22217 affecting package ceph for versions less than 18.2.2-1
CVE-2020-22217 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicio...
CVE-2025-22217
creationtimestamp | type | source
---|---|---
2025-01-28 18:38:39+00:00 | seen | https://infosec.exchange/users/randomrobbie/statuses/113907434704963944
2025-01-28 18:40:44+00:00 | seen | https://infosec.exchange/users/cve/statuses/113907442876297445
2025-01-28 19:15:35+00:00 | seen | ...
CVE-2024-22217
creationtimestamp | type | source
---|---|---
2024-08-15 20:59:27+00:00 | seen | https://t.me/cvedetector/3271...
CBL Mariner 2.0 Security Update: grpc / python-gevent (CVE-2020-22217)
The version of grpc / python-gevent installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-22217 advisory. - Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply i...
Moderate: Red Hat Security Advisory: c-ares security update
An update for c-ares is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2020-22217 affecting package python-gevent for versions less than 21.1.2-1
CVE-2020-22217 affecting package python-gevent for versions less than 21.1.2-1. A patched version of the package is available...
GitLab < 13.10.5 (CVE-2021-22217)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or mer...
Rocky Linux 8 : c-ares (RLSA-2023:7207)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7207 advisory. - Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. (CVE-2020-22217) - c-ares is an...
Oracle Linux 8 : c-ares (ELSA-2023-7207)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7207 advisory. 1.13.0-9.1 - Resolves: RHEL-11931 - Buffer Underwrite in ares_inet_net_pton rhel-8.9.0.z 1.13.0-9 - Resolves: rhbz2238293 - CVE-2020-22217 c-ares:...
RHEL 8 : c-ares (RHSA-2023:7207)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7207 advisory. The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: Heap buff...
Moderate: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in ares_parse_soa_reply (CVE-2020-22217); c-ares: Buffer Underwrite in ares_inet_net_pton (CVE-2023-31130). For more details about the security issues,...
ALSA-2023:7207 Moderate: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in ares_parse_soa_reply (CVE-2020-22217); c-ares: Buffer Underwrite in ares_inet_net_pton (CVE-2023-31130). For more details about the security issues,...