Bug 2170644 (CVE-2022-38900)
| Summary: | CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Anten Skrabec <askrabec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acrosby, adudiak, aileenc, alampare, alazarot, amctagga, aoconnor, asoldano, aveerama, bbaranow, bbuckingham, bcoca, bcourt, bdettelb, bmaxwell, brian.stansberry, btotty, caswilli, cdewolf, chazlett, cluster-maint, cwelton, darran.lofthouse, davidn, dcadzow, dffrench, dfreiber, dhanak, dkreling, dkuc, dosoudil, dshah, dymurray, ehelms, ellin, emingora, epacific, eric.wittmann, fdeutsch, fjansen, fjuma, fmuellner, ggrzybek, gjospin, gmalinko, gparvin, grafana-maint, gzaronik, hbraun, hhorak, hkataria, iamtedwon, ibek, ibolton, idevat, idm-ds-dev-bugs, ivassile, iweiss, janstey, jburrell, jcammara, jcantril, jhardy, jhorak, jkoehler, jkurik, jmatthew, jmitchel, jmontleo, jneedle, jobarker, jorton, jpavlik, jrokos, jshaughn, jsherril, jstanek, jtanner, jwendell, jwon, kaycoth, kshier, kverlaen, lbacciot, lgao, lzap, mabashia, mbenatto, mhulan, micjohns, mlisik, mnovotny, mokumar, mosmerov, mpitt, mpospisi, mrehak, msochure, msvehla, mwringe, nathans, nbecker, nboldt, ngough, njean, nmoumoul, nodejs-maint, nwallace, ocs-bugs, omular, orabin, oramraz, osapryki, ovanders, owatkins, pahickey, pantinor, pcreech, pdelbell, peholase, periklis, pjindal, pmackay, psegedy, rcernich, rchan, rgarg, rgodfrey, rguimara, rjohnson, rogbas, rrajasek, rstancel, scorneli, scox, shbose, simaishi, slucidi, smaestri, smcdonal, smullick, sseago, stcannon, sthirugn, stransky, tasato, teagle, tfister, tkasparek, tojeline, tom.jenkinson, tpopela, tsasak, twalsh, ubhargav, vkumar, yguenane, zsadeh, zsvetlik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | Flags: | jwon:
needinfo-
|
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | decode-uri-component 0.2.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-04-12 21:06:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2170649, 2170650, 2170664, 2222350, 2170648, 2170651, 2170652, 2170653, 2170654, 2170655, 2170656, 2170657, 2170658, 2170660, 2170661, 2170662, 2170663, 2170665, 2170666, 2170667, 2170668, 2170669, 2170670, 2170671, 2170672, 2171806, 2171807, 2171808, 2174577, 2174772, 2174773, 2174774, 2174775, 2174776, 2174777, 2174778, 2174779, 2174780, 2174781, 2174782, 2174783, 2174784, 2174785, 2174786, 2174787, 2174788, 2174789, 2174790, 2174791, 2174792, 2174793, 2174794, 2174795, 2174796, 2174797, 2174798, 2174799, 2174800, 2174801, 2174802, 2174803, 2174804, 2174805, 2174806, 2174807, 2174808, 2174809, 2174810, 2174811, 2174812, 2174813, 2174814, 2174815, 2174816, 2174817, 2174818, 2174819, 2174820, 2174821, 2174822, 2174823, 2174824, 2174825, 2174826, 2174827, 2174828, 2174829, 2174830, 2174831, 2174832, 2174843 | ||
| Bug Blocks: | 2169680 | ||
|
Description
Anten Skrabec
2023-02-16 21:20:08 UTC
Created cockatrice tracking bugs for this issue: Affects: fedora-36 [bug 2170652] Created golang-entgo-ent tracking bugs for this issue: Affects: fedora-36 [bug 2170653] Created golang-github-prometheus tracking bugs for this issue: Affects: epel-7 [bug 2170649] Created grafana tracking bugs for this issue: Affects: fedora-36 [bug 2170654] Created mozjs68 tracking bugs for this issue: Affects: fedora-36 [bug 2170655] Created mozjs78 tracking bugs for this issue: Affects: fedora-36 [bug 2170656] Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-8 [bug 2170650] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-36 [bug 2170657] Created pcs tracking bugs for this issue: Affects: fedora-all [bug 2170648] Created yarnpkg tracking bugs for this issue: Affects: epel-8 [bug 2170651] Created zuul tracking bugs for this issue: Affects: fedora-36 [bug 2170658] *** Bug 2149084 has been marked as a duplicate of this bug. *** Created yarnpkg tracking bugs for this issue: Affects: fedora-all [bug 2174577] This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:1428 https://access.redhat.com/errata/RHSA-2023:1428 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:1744 https://access.redhat.com/errata/RHSA-2023:1744 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-38900 This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742 Created yarnpkg tracking bugs for this issue: Affects: epel-8 [bug 2222350] This issue has been addressed in the following products: RHPAM 7.13.4 async Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6316 https://access.redhat.com/errata/RHSA-2023:6316 |