CVE-2022-27239

{"id": "CVE-2022-27239", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-27T14:15:09.203", "references": [{"url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15025", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/piastry/cifs-utils/pull/7", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202311-05", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2022/dsa-5157", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."}, {"lang": "es", "value": "En cifs-utils versiones hasta 6.14, un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria cuando es analizado el argumento de l\u00ednea de comandos mount.cifs ip= podr\u00eda conllevar a que atacantes locales obtuvieran privilegios de root"}], "lastModified": "2023-11-24T15:15:07.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A994C1D7-9394-43A0-976B-246980F5E77E", "versionEndExcluding": "6.15"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AB27A2D-549C-450E-A09E-B3316895F052"}, {"criteria": "cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B20D44D-F87E-4692-8E04-695683F1ECE6"}, {"criteria": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7305944-AC9C-47A3-AADF-71A8B24830D1"}, {"criteria": "cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "694479D9-16C8-4B60-A4D3-975D9E0A7F53"}, {"criteria": "cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B264EB20-49EA-4819-A92B-0748AEFFAC68"}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9910C73A-3BCD-4F56-8C7D-79CB289640A2"}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0156BFA-9E83-43E6-9C73-9711AD054B5A"}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC2D0A4-56F8-4ED6-91E2-78434A016C5F"}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "450A3B3F-F26D-4EAB-BF5D-4C906C4A99DD"}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD5BDD59-5008-4DDC-B805-BB6B7DE8E1A6"}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A69D3CCD-6590-46EF-9D3F-E903AB78E3BA"}, {"criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367"}, {"criteria": "cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E46DEFD-659D-4D8F-BCD8-6B8A022F8FB0"}, {"criteria": "cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1532304-0EA2-4816-B481-C87C7386DC88"}, {"criteria": "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C3BEB21-4080-4258-B95C-562D717AED0B"}, {"criteria": "cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F8A7D8-FD3E-4C36-AB2A-A61449BF38C5"}, {"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1675CBE5-44D3-4326-AE8B-EEB9E25D783A"}, {"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACB76FF0-B939-42E9-842B-171E929F317D"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F648F64B-C3F2-4B14-906D-E48345303F0E"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F8C8AD43-557D-4285-BA46-9C5785F53229"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFA8943-A151-4E16-962D-75F1CB0C3C41"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*", "vulnerable": true, "matchCriteriaId": "89C89474-3F7A-499E-8E7C-25952584A68C"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2E84A0-A9ED-411B-9963-647D8A95D3D5"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*", "vulnerable": true, "matchCriteriaId": "455B5F70-FDA0-4AE3-9C62-F0BC8E6C3D85"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "A0E17861-F7C2-479B-B687-42419ADED014"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "75A0B727-33A9-416B-9E83-5103ABE856B4"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D0E679A3-3EAC-4603-BD89-E04EE26845B2"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "EACDFD9B-C423-4FD1-B9AA-0D6D7D93CB36"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*", "vulnerable": true, "matchCriteriaId": "825D86FE-87DA-4389-8097-D7CF34718CB2"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0AC584-5E26-4ACE-BC19-9E69A302F238"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*", "vulnerable": true, "matchCriteriaId": "93A9AC01-6C1F-4025-BD7C-E02C4E3D0CD0"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "16729D9C-DC05-41BD-9B32-682983190CE0"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*", "vulnerable": true, "matchCriteriaId": "EA9DC756-8E39-4AB6-B9D4-2A4100FF8D04"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*", "vulnerable": true, "matchCriteriaId": "77F1991E-E0D6-4BDE-BDF0-D34D6E67AAD4"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "C6622CD4-DF4B-4064-BAEB-5E382C4B05C8"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*", "vulnerable": true, "matchCriteriaId": "E279968E-C62B-4888-899A-2BF57E8F8692"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*", "vulnerable": true, "matchCriteriaId": "65709414-EAE0-4EA7-9C5F-EBDA80FF2A9D"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "7E05EE7E-993C-4107-9A15-EBE0D2268239"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*", "vulnerable": true, "matchCriteriaId": "88FFABAC-A728-4172-9A1E-2B84E82219D4"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "B1065E14-69B3-4643-ACF7-3C14BF07C783"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*", "vulnerable": true, "matchCriteriaId": "26FDBC27-D993-4A93-BC70-753FA21F4C11"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "55A521F2-51C3-4356-A8D6-BD5A1BD60C85"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*", "vulnerable": true, "matchCriteriaId": "A256B5D1-49D2-4363-AAD6-30FD32F0D132"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*", "vulnerable": true, "matchCriteriaId": "6E1420DB-3DF2-4A95-B703-913D67727295"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72FDB554-E771-42DA-8B9E-DB5CB545A660"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C734CEC-64F2-4129-B52E-C81884B3AC9A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "541BB602-443D-4D8E-A46F-5EC4A9702E17"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}