Vulnerability CVE-2022-25310

Vulnerability Name:

CVE-2022-25310 (CCN-229323)

Assigned:

2021-12-21

Published:

2021-12-21

Updated:

2023-06-23

Summary:

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2022-25310

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 2047923
(CVE-2022-25310) - CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marks

Source: secalert@redhat.com
Type: Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
fribidi-cve202225310-dos(229323)

Source: CCN
Type: FriBidi GIT Repository
SEGV on unknown address 0x000000000000 (pc 0x55cc8b6086a6 bp 0x7ffed6538790 sp 0x7ffed6538740 T0) #183

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6843927 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-25310

Source: CCN
Type: IBM Security Bulletin 6921283 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-25310

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7498	P	fribidi-1.0.10-150400.3.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7931	P	libfribidi0-32bit-1.0.10-150400.3.3.1 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20228011	P	RHSA-2022:8011: fribidi security update (Moderate)	2022-11-15
oval:com.redhat.rhsa:def:20227514	P	RHSA-2022:7514: fribidi security update (Moderate)	2022-11-08
oval:org.opensuse.security:def:3606	P	libicu-doc-52.1-8.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3674	P	libsnmp30-32bit-5.7.3-6.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95236	P	Security update for fribidi (Moderate)	2022-05-31
oval:org.opensuse.security:def:506	P	Security update for fribidi (Moderate)	2022-05-31
oval:org.opensuse.security:def:95304	P	Security update for fribidi (Moderate)	2022-05-31
oval:org.opensuse.security:def:5261	P	Security update for fribidi (Moderate)	2022-05-25
oval:org.opensuse.security:def:901	P	Security update for fribidi (Moderate)	2022-05-25
oval:org.opensuse.security:def:42390	P	Security update for fribidi (Moderate)	2022-05-25
oval:org.opensuse.security:def:6055	P	Security update for fribidi (Moderate)	2022-05-25
oval:org.opensuse.security:def:1072	P	Security update for fribidi (Moderate)	2022-05-25

BACK