CVE-2022-4506
Published 2022-12-15

CVE-2022-4506: Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Priority P348 · high · 8.8 · CVSS 3.1
AV:N · AC:L · PR:L · UI:N · S:U · C:H · I:H · A:H
EPSS: 1.06% (60.2th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 5.16.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |
| open-emr | openemr | < 7.0.0.2 | 7.0.0.2 |
| openemr | openemr_openemr | >= unspecified < 7.0.0.2 | 7.0.0.2 |
CVSS provenance
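| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
| vendor_redhat | | 3.3 | LOW | |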
OSV
bpf: Prevent decl_tag from being referenced in func_proto arg
osv·2025-12-30
CVE-2022-50883 bpf: Prevent decl_tag from being referenced in func_proto arg
In the Linux kernel, the following vulnerability has been resolved:
bpf: Prevent decl_tag from being referenced in func_proto arg
Syzkaller managed to hit another decl_tag issue:

```
btf_func_proto_check kernel/bpf/btf.c:4506 [inline]
btf_check_all_types kernel/bpf/btf.c:4734 [inline]
btf_parse_type_sec+0x1175/0x1980 kernel/bpf/btf.c:4763
btf_parse kernel/bpf/btf.c:5042 [inline]
btf_new_fd+0x65a/0xb00 kernel/bpf/btf.c:6709
bpf_btf_load+0x6f/0x90 kernel/bpf/syscall.c:4342
__sys_bpf+0x50a/0x6c0 kernel/bpf/syscall.c:5034
__do_sys_bpf kernel/bpf/syscall.c:5093 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5091 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5091
do_syscall_64+0x54/0x70 arch/x86/entry/common.c:48
```

This seems simil
GHSA
GHSA-w6pw-jxf7-p7gx: Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7
ghsa_unreviewed·2022-12-15
CVE-2022-4506 [HIGH] CWE-434 GHSA-w6pw-jxf7-p7gx: Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
Red Hat
kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
vendor_redhat·2025-12-30·CVSS 3.3
CVE-2022-50883 [LOW] CWE-1287 kernel: bpf: Prevent decl_tag from being referenced in func_proto arg
No detection rules found.
No public exploits indexed.
https://github.com/openemr/openemr/commit/2e7678d812df167ea3c0756382408b670e8aa51f
https://huntr.dev/bounties/f423d193-4ab0-4f03-ad90-25e4f02e7942
https://www.cve.org/CVERecord?id=CVE-2022-4506