CVE-2022-0563

Published: 21/02/2022 Updated: 07/01/2024
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions before 2.37.4.
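The three conditions in the summary (chfn or chsh, Readline linkage, util-linux before 2.37.4) can be checked per host. The Python triage below is an added example, not code from the advisory or from util-linux. Its function names and sample inputs are constructed, and it assumes the binary is only a concern when it carries the setuid or setgid bit.

```python
import re
import stat

FIXED = (2, 37, 4)  # first fixed util-linux release named in the summary

# Constructed sample of `ldd /usr/bin/chfn` output (addresses are made up).
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd1a5f2000)
\tlibreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007f3c2a400000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3c2a200000)
"""

def parse_version(text):
    """Return (major, minor, patch) from e.g. 'chfn from util-linux 2.37.2'."""
    m = re.search(r"util-linux[ -](\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def links_readline(ldd_output):
    """True if any ldd line names libreadline as a dependency."""
    return any(line.strip().startswith("libreadline.so")
               for line in ldd_output.splitlines())

def assess(mode, ldd_output, version_text):
    """Classify one binary from its st_mode, ldd output and --version text."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"          # cannot decide without a version
    if version >= FIXED:
        return "fixed"
    # Assumption: the file read crosses a privilege boundary only when the
    # binary runs with elevated rights through the setuid/setgid bit.
    elevated = bool(mode & (stat.S_ISUID | stat.S_ISGID))
    if elevated and links_readline(ldd_output):
        return "exposed"
    return "not-exposed"

if __name__ == "__main__":
    # Constructed inputs: setuid-root chfn, Readline-linked, util-linux 2.37.2.
    print(assess(0o104755, SAMPLE_LDD, "chfn from util-linux 2.37.2"))
```

Distribution packages often backport fixes without changing the upstream version string, so an "exposed" result should be confirmed against the vendor advisory for the installed package.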

Vulnerable Product

kernel util-linux

netapp ontap select deploy administration utility -

Vendor Advisories

A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivile ...
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use ...
ALAS-2022-218 Amazon Linux 2022 Security Advisory: ALAS-2022-218 Advisory Release Date: 2022-12-06 16:41 Pacific ...

Github Repositories

SRE Labs

This repository contains:
- the source code to implement a standalone HTTP web application
- a dockerfile to containerize the service
- a helm chart for the service
- a helm chart to install kube-prometheus-stack with an easy example of dashboard and alert
- a script to automate the provisioning of a local Kubernetes cluster

Requirements

You should have installed at least: