Lucene search

Ubuntu.comUB:CVE-2022-38493

HistoryAug 20, 2022 - 12:00 a.m.

CVE-2022-38493

2022-08-2000:00:00

ubuntu.com

rhonabwy

rsa private key

denial of service

jwe

json web encryption

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn’t check the RSA private
key length before RSA-OAEP decryption. This allows attackers to cause a
Denial of Service via a crafted JWE (JSON Web Encryption) token.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchrhonabwy< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	rhonabwy	< any	UNKNOWN

References

github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399

launchpad.net/bugs/cve/CVE-2022-38493

nvd.nist.gov/vuln/detail/CVE-2022-38493

security-tracker.debian.org/tracker/CVE-2022-38493

www.cve.org/CVERecord?id=CVE-2022-38493

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Related for UB:CVE-2022-38493