CVE-2022-44641

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html	Mailing List Third Party Advisory
https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
https://www.debian.org/security/2023/dsa-5318	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linaro:lava:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

07 Nov 2023, 03:54

Type	Values Removed	Values Added
References	{'url': 'https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/', 'name': 'https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MISC'}	() https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/ -

Information

Published : 2022-11-18 21:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-44641

Mitre link : CVE-2022-44641

CVE.ORG link : CVE-2022-44641

JSON object : View

Products Affected

debian

debian_linux

linaro

lava

CWE

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

{"id": "CVE-2022-44641", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-11-18T21:15:11.787", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2023/dsa-5318", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-776"}]}], "descriptions": [{"lang": "en", "value": "In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service."}, {"lang": "es", "value": "En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11, los usuarios con credenciales v\u00e1lidas pueden enviar solicitudes XMLRPC manipuladas que provocan una expansi\u00f3n recursiva de la entidad XML, lo que provoca un uso excesivo de la memoria en el servidor y una Denegaci\u00f3n de Servicio (DoS)."}], "lastModified": "2023-11-07T03:54:22.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linaro:lava:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42B7E9F-1DD6-4C30-8FBF-085E0238AE73", "versionEndExcluding": "2022.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}