Vulnerability Name: | CVE-2022-2509 (CCN-232507) | ||||||||||||||||||||||||||||||||||||||||
Assigned: | 2022-07-29 | ||||||||||||||||||||||||||||||||||||||||
Published: | 2022-07-29 | ||||||||||||||||||||||||||||||||||||||||
Updated: | 2022-08-19 | ||||||||||||||||||||||||||||||||||||||||
Summary: | A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | ||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-415 | ||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-2509 Source: MISC Type: Third Party Advisory https://access.redhat.com/security/cve/CVE-2022-2509 Source: CCN Type: Red Hat Bugzilla - Bug 2108977 (CVE-2022-2509) - CVE-2022-2509 gnutls: Double free during gnutls_pkcs7_verify Source: XF Type: UNKNOWN gnutls-cve20222509-dos(232507) Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20220812 [SECURITY] [DLA 3070-1] gnutls28 security update Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-5470992bfc Source: MISC Type: Mailing List, Release Notes, Vendor Advisory https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html Source: DEBIAN Type: Third Party Advisory DSA-5203 Source: CCN Type: GnuTLS Web site GnuTLS Source: CCN Type: IBM Security Bulletin 6842505 (MQ Operator) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS Source: CCN Type: IBM Security Bulletin 6848319 (Voice Gateway) Multiple Vulnerabilities in base image packages affect IBM Voice Gateway Source: CCN Type: IBM Security Bulletin 6852221 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6853461 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Source: CCN Type: IBM Security Bulletin 6857803 (Cloud Pak for Watson AIOps) Multiple Vulnerabilities in CloudPak for Watson AIOPs Source: CCN Type: IBM Security Bulletin 6967643 (Watson Speech Services Cartridge for Cloud Pak for Data) IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GnuTLS (CVE-2022-2509) Source: CCN Type: IBM Security Bulletin 7001867 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities Source: CCN Type: IBM Security Bulletin 7014939 (Cloud Pak for Watson AIOps) Multiple Vulnerabilities in CloudPak for Watson AIOps | ||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration CCN 1: ![]() | ||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
BACK |