Veracode Vulnerability DatabaseVERACODE:40389Denial Of Service (DOS)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%
github.com/apptainer/apptainer is vulnerable to Denial Of Service. The vulnerability exists due to a after free bug when mounting extfs file systems, which allows an attacker to crash the kernel or escalate privileges.
References
access.redhat.com/security/cve/cve-2022-1184
github.com/advisories/GHSA-j4rf-7357-f4cg
github.com/apptainer/apptainer/commit/5a4964f5ba9c8d89a0e353b97f51fd607670a9f7
github.com/apptainer/apptainer/releases/tag/v1.1.8
github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
github.com/torvalds/linux/commit/2220eaf90992c11d888fe771055d4de3303
github.com/torvalds/linux/commit/4f04351888a83e595571de672e0a4a8b74f
lwn.net/Articles/932136/
lwn.net/Articles/932137/
security-tracker.debian.org/tracker/CVE-2022-1184
security.gentoo.org/glsa/202311-13
sylabs.io/2023/04/response-to-cve-2023-30549/
ubuntu.com/security/CVE-2022-1184
www.suse.com/security/cve/CVE-2022-1184.html
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%