CVE-2022-44641

{"id": "CVE-2022-44641", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-11-18T21:15:11.787", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2023/dsa-5318", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2023/dsa-5318", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-776"}]}], "descriptions": [{"lang": "en", "value": "In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service."}, {"lang": "es", "value": "En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11, los usuarios con credenciales v\u00e1lidas pueden enviar solicitudes XMLRPC manipuladas que provocan una expansi\u00f3n recursiva de la entidad XML, lo que provoca un uso excesivo de la memoria en el servidor y una Denegaci\u00f3n de Servicio (DoS)."}], "lastModified": "2024-11-21T07:28:15.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linaro:lava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42B7E9F-1DD6-4C30-8FBF-085E0238AE73", "versionEndExcluding": "2022.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}