CVE-2022-44940

EUVD-2022-0404
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
patchelf_projectpatchelf
0.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
patchelf
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
patchelf
bionic
needed
focal
needs-triage
jammy
Fixed 0.14.3-1ubuntu0.1~esm1
released
kinetic
Fixed 0.14.3-1ubuntu0.1
released
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needed
Common Weakness Enumeration
References
https://github.com/NixOS/patchelf/pull/419
https://github.com/NixOS/patchelf/pull/419