CVE-2022-44641
published 2022-11-18


Priority: P4 / 30 / medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.97% (57.5th percentile)

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | lava | < lava 2023.01-1 (bookworm) | lava 2023.01-1 (bookworm) |
| linaro | lava | < 2022.11 | 2022.11 |
| linaro | lava | >= 0 < 2020.12-5+deb11u2 | 2020.12-5+deb11u2 |
| linaro | lava | >= 0 < 2023.01-1 | 2023.01-1 |
| linaro | lava | >= 0 < 2023.01-1 | 2023.01-1 |

CVSS provenance

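| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |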