Vulnerability CVE-2022-0908

Vulnerability Name:

CVE-2022-0908 (CCN-221657)

Assigned:

2021-07-23

Published:

2021-07-23

Updated:

2022-11-07

Summary:

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-0908

Source: XF
Type: UNKNOWN
libtiff-cve20220908-dos(221657)

Source: CONFIRM
Type: Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json

Source: CCN
Type: libtiff GIT Repository
libtiff

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85

Source: CCN
Type: GitLab Web site
AddressSanitizer: Null Pointer Dereference in tif_unix.c:346

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://gitlab.com/libtiff/libtiff/-/issues/383

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-c39720a0ed

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-e2996202a0

Source: GENTOO
Type: Third Party Advisory
GLSA-202210-10

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220506-0002/

Source: DEBIAN
Type: Third Party Advisory
DSA-5108

Source: CCN
Type: IBM Security Bulletin 6843943 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0908

Source: CCN
Type: IBM Security Bulletin 6855099 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Source: CCN
Type: IBM Security Bulletin 6921283 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Vulnerable Configuration:

Configuration 1:

cpe:/a:libtiff:libtiff:*:*:*:*:*:*:*:* (Version <= 4.3.0)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libtiff:libtiff:4.3.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7682	P	libtiff-devel-4.0.9-150000.45.25.1 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20228194	P	RHSA-2022:8194: libtiff security update (Moderate)	2022-11-15
oval:com.redhat.rhsa:def:20227585	P	RHSA-2022:7585: libtiff security update (Moderate)	2022-11-08
oval:org.opensuse.security:def:3737	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3605	P	libical1-1.0.1-16.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:119592	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:95367	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:904	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:118911	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:500	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:1073	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:119217	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:42393	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:1517	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:119407	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:95235	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:118721	P	Security update for tiff (Important)	2022-05-30
oval:org.opensuse.security:def:5238	P	Security update for tiff (Important)	2022-05-16
oval:org.opensuse.security:def:6036	P	Security update for tiff (Important)	2022-05-16

BACK