CVE-2022-43756
published 2023-02-07
CVE-2022-43756: An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to…
Priority P3 · 40 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.68% (47.9th percentile)
An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_wrangler | >= 0 < 0.7.4-security1 | 0.7.4-security1 |
| github.com | rancher_wrangler | >= 0.8.0 < 0.8.5-security1 | 0.8.5-security1 |
| github.com | rancher_wrangler | >= 0.8.6 < 0.8.11 | 0.8.11 |
| github.com | rancher_wrangler | >= 1.0.0 < 1.0.1 | 1.0.1 |
| suse | rancher | wrangler – 0.7.3 | — |
| suse | wrangler | < 0.7.4 | 0.7.4 |
| suse | wrangler | — | — |
| suse | wrangler | >= 0.8.0 < 0.8.5 | 0.8.5 |
OSV
Denial of service when processing Git credentials in github.com/rancher/wrangler
osv·2023-02-14
CVE-2022-43756 Denial of service when processing Git credentials in github.com/rancher/wrangler
A denial of service (DoS) vulnerability exists in the Wrangler Git package. Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources.
This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories.
A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.
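One way to apply the workaround above, as an added example that is not Wrangler's code or its patch: a pre-check that rejects a credential outright instead of stripping characters from it, run before the value is handed to the Git package. The helper names, the rejected character classes (control, format, whitespace) and the 256-byte limit are assumptions; the advisory does not list the exact characters.

```go
package main

import (
	"errors"
	"fmt"
	"unicode"
	"unicode/utf8"
)

// maxCredentialLen is an assumed bound; the advisory gives no figure.
const maxCredentialLen = 256

var (
	ErrTooLong    = errors.New("credential exceeds length limit")
	ErrNotUTF8    = errors.New("credential is not valid UTF-8")
	ErrUnsafeRune = errors.New("credential contains a control, format or whitespace character")
)

// ValidateGitCredential (hypothetical helper) checks one username or
// password/token value. An empty value is allowed (public repositories).
func ValidateGitCredential(value string) error {
	if len(value) > maxCredentialLen {
		return ErrTooLong
	}
	if !utf8.ValidString(value) {
		return ErrNotUTF8
	}
	for _, r := range value {
		// Cc covers NUL, CR, LF and ESC; Cf covers bidi overrides and zero-width runes.
		if unicode.IsControl(r) || unicode.Is(unicode.Cf, r) || unicode.IsSpace(r) {
			return fmt.Errorf("%w: U+%04X", ErrUnsafeRune, r)
		}
	}
	return nil
}

// ValidateGitAuth (hypothetical helper) checks both halves and names the failing field.
func ValidateGitAuth(username, password string) error {
	if err := ValidateGitCredential(username); err != nil {
		return fmt.Errorf("username: %w", err)
	}
	if err := ValidateGitCredential(password); err != nil {
		return fmt.Errorf("password: %w", err)
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	fmt.Println(ValidateGitAuth("git-user", "example-token-123"))
	fmt.Println(ValidateGitAuth("git-user\n", "example-token-123"))
}
```

Rejecting whitespace will refuse passwords that legitimately contain spaces; relax that class if your credential source allows them.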
GHSA
Denial of service (DoS) when processing Git credentials
ghsa·2023-01-25
CVE-2022-43756 [MEDIUM] CWE-150 Denial of service (DoS) when processing Git credentials
### Impact
A denial of service (DoS) vulnerability was discovered in the Wrangler Git package, affecting versions up to and including `v1.0.0`.
Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources. This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories.
### Workarounds
A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched
OSV
Denial of service (DoS) when processing Git credentials
osv·2023-01-25
CVE-2022-43756 [MEDIUM] Denial of service (DoS) when processing Git credentials
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.