CVE-2022-4900 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Affected Products (NVD)

Vendor	Product	Version
php	php	𝑥 < 8.0.22
redhat	software_collections	-
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

php7.4

bullseye	vulnerable
bullseye (security)	7.4.33-1+deb11u6 fixed

php8.2

bookworm	8.2.20-1~deb12u1 fixed
bookworm (security)	8.2.24-1~deb12u1 fixed
sid	8.2.24-1 fixed
trixie	8.2.24-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

php5

bionic	dne
focal	dne
jammy	dne
kinetic	dne
trusty	not-affected
xenial	dne

php7.0

bionic	dne
focal	dne
jammy	dne
kinetic	dne
trusty	dne
xenial	not-affected

php7.2

bionic	not-affected
focal	dne
jammy	dne
kinetic	dne
trusty	dne
xenial	dne

php7.4

bionic	dne
focal	Fixed 7.4.3-4ubuntu2.22 released
jammy	dne
kinetic	dne
trusty	dne
xenial	dne

php8.1

bionic	dne
focal	dne
jammy	Fixed 8.1.2-1ubuntu2.17 released
kinetic	ignored
lunar	not-affected
mantic	dne
noble	dne
trusty	dne
xenial	dne

php8.2

bionic	dne
focal	dne
jammy	dne
mantic	not-affected
noble	dne
trusty	dne
xenial	dne

php8.3

bionic	dne
focal	dne
jammy	dne
mantic	dne
noble	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://access.redhat.com/security/cve/CVE-2022-4900

https://bugzilla.redhat.com/show_bug.cgi?id=2179880

https://security.netapp.com/advisory/ntap-20231130-0008/

https://access.redhat.com/security/cve/CVE-2022-4900

https://bugzilla.redhat.com/show_bug.cgi?id=2179880

https://lists.debian.org/debian-lts-announce/2024/10/msg00011.html

https://security.netapp.com/advisory/ntap-20231130-0008/