CVE-2022-2738

CWE-416: Use After Free | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.6% (top 31.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 1 | Latest update Sep 2

Description

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | podman | podman 1.6.4-32.el7_9
NVD | podman_project/podman | 1.6.4-32.el7_9

🔴 Vulnerability Details (2)

GHSA | GHSA-8pqv-rxj7-35c4: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing th | 2022-09-02
CVEList | CVE-2022-2738: The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing th | 2022-09-01

📋 Vendor Advisories (1)

Red Hat | podman: Security regression of CVE-2020-8945 due to source code management issue | 2022-08-19