CVE-2022-3715

CWE-119 — Buffer Overflow CWE-787 — Out-of-bounds Write CWE-284 — Improper Access Control CWE-22 — Path Traversal10 documents10 sources

Severity

7.8HIGH

EPSS

0.0%

top 88.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Bash Redhat Enterprise Linux

Timeline

PublishedJan 5

Latest updateMar 18

Description

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgnu/bash5.1 — 5.1.8

▶Debianbash< 5.2-1+2

▶CVEListV5bashbash 5.1.8

Also affects: Enterprise Linux 9.0

🔴Vulnerability Details

GHSA

Path traversal vulnerability in glance↗2023-02-13

▶

CVEList

CVE-2022-3715: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform↗2023-01-05

▶

OSV

CVE-2022-3715: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform↗2023-01-05

▶

GHSA

GHSA-cr4j-fv7c-759c: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform↗2023-01-05

▶

📋Vendor Advisories

Ubuntu

Bash vulnerability↗2024-03-18

▶

Microsoft

A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.↗2023-01-10

▶

Red Hat

bash: a heap-buffer-overflow in valid_parameter_transform↗2022-10-27

▶

Debian

CVE-2022-3715: bash - A flaw was found in the bash package, where a heap-buffer overflow can occur in ...↗2022

▶

CISA

ImageMagick Arbitrary File Deletion Vulnerability↗2021-11-03

▶