CVE-2022-1174 — Improper Validation of Specified Quantity in Input in Gitlab

CWE-1284 — Improper Validation of Specified Quantity in Input CWE-400 — Uncontrolled Resource Consumption CWE-754 — Improper Check for Unusual or Exceptional Conditions8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Gitlab Debian Gitlab +1 more

Timeline

PublishedApr 4

Latest updateDec 30

Description

A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDgitlab/gitlab13.7.0 — 14.7.7+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=13.7, <14.7.7, >=14.8, <14.8.5, >=14.9, <14.9.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

vhost_vdpa: fix the crash in unmap a large memory↗2025-12-30

▶

GHSA

GHSA-7p75-2h87-hjrc: A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13↗2022-04-05

▶

OSV

CVE-2022-1174: A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13↗2022-04-04

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap↗2025-12-30

▶

GitLab

CVE-2022-1174: A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions↗2022-04-04

▶

Debian

CVE-2022-1174: gitlab - A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 befor...↗2022

▶