CVE-2022-44641
published 2022-11-18
CVE-2022-44641: In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML…
Priority: P4 30 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.97% (57.5th percentile)
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | lava | < lava 2023.01-1 (bookworm) | lava 2023.01-1 (bookworm) |
| linaro | lava | < 2022.11 | 2022.11 |
| linaro | lava | >= 0 < 2020.12-5+deb11u2 | 2020.12-5+deb11u2 |
| linaro | lava | >= 0 < 2023.01-1 | 2023.01-1 |
| linaro | lava | >= 0 < 2023.01-1 | 2023.01-1 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
Debian
CVE-2022-44641: lava - In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with va...
vendor_debian·2022·CVSS 6.5
CVE-2022-44641 [MEDIUM] CVE-2022-44641: lava - In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with va...
Scope: local
bookworm: resolved (fixed in 2023.01-1)
bullseye: resolved (fixed in 2020.12-5+deb11u2)
forky: resolved (fixed in 2023.01-1)
sid: resolved (fixed in 2023.01-1)
OSV
CVE-2022-44641: In Linaro Automated Validation Architecture (LAVA) before 2022
osv·2022-11-18·CVSS 6.5
CVE-2022-44641 [MEDIUM] CVE-2022-44641: In Linaro Automated Validation Architecture (LAVA) before 2022
GHSA
GHSA-hj7c-g88c-mq5v: In Linaro Automated Validation Architecture (LAVA) before 2022
ghsa_unreviewed·2022-11-18
CVE-2022-44641 [MEDIUM] CWE-776 GHSA-hj7c-g88c-mq5v: In Linaro Automated Validation Architecture (LAVA) before 2022
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html
https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/
https://www.debian.org/security/2023/dsa-5318
Published: 2022-11-18