CVE-2022-23085 - Vulnerability Details

Vendors	Products
Freebsd	Freebsd

Link	Providers
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
https://security.netapp.com/advisory/ntap-20240322-0004/

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:freebsd:freebsd:13.1:-::::::
Metrics	cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

Type	Values Removed	Values Added
First Time appeared		Freebsd Freebsd freebsd
Weaknesses		CWE-787
CPEs		cpe:2.3:o:freebsd:freebsd:::::::: cpe:2.3:o:freebsd:freebsd:12.3:-:::::: cpe:2.3:o:freebsd:freebsd:12.3:p1:::::: cpe:2.3:o:freebsd:freebsd:12.3:p2:::::: cpe:2.3:o:freebsd:freebsd:12.3:p3:::::: cpe:2.3:o:freebsd:freebsd:12.3:p4:::::: cpe:2.3:o:freebsd:freebsd:13.0:-:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta1:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta2:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta3:::::: cpe:2.3:o:freebsd:freebsd:13.0:beta4:::::: cpe:2.3:o:freebsd:freebsd:13.0:p10:::::: cpe:2.3:o:freebsd:freebsd:13.0:p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:p2:::::: cpe:2.3:o:freebsd:freebsd:13.0:p3:::::: cpe:2.3:o:freebsd:freebsd:13.0:p4:::::: cpe:2.3:o:freebsd:freebsd:13.0:p5:::::: cpe:2.3:o:freebsd:freebsd:13.0:p6:::::: cpe:2.3:o:freebsd:freebsd:13.0:p7:::::: cpe:2.3:o:freebsd:freebsd:13.0:p8:::::: cpe:2.3:o:freebsd:freebsd:13.0:p9:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc1:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc2:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc3:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc4:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:::::: cpe:2.3:o:freebsd:freebsd:13.0:rc5::::::
Vendors & Products		Freebsd Freebsd freebsd

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23085", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2022-01-10T22:07:46.040Z", "datePublished": "2024-02-15T04:52:17.556Z", "dateUpdated": "2025-02-13T16:28:59.297Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["netmap"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p1", "status": "affected", "version": "13.1-RC1", "versionType": "release"}, {"lessThan": "p11", "status": "affected", "version": "13.0-RELEASE", "versionType": "release"}, {"lessThan": "p5", "status": "affected", "version": "12.3-RELEASE", "versionType": "release"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reno Robert"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lucas Leong (@_wmliang_)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative"}], "datePublic": "2022-04-06T05:00:00.000Z", "descriptions": [{"lang": "en", "value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow.  This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-03-22T19:06:00.907Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0004/"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential jail escape vulnerabilities in netmap", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "affected": [{"vendor": "freebsd", "product": "freebsd", "cpes": ["cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.0_p11", "versionType": "custom"}]}, {"vendor": "freebsd", "product": "freebsd", "cpes": ["cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12.3", "status": "affected", "lessThan": "12.3_p5", "versionType": "custom"}]}, {"vendor": "freebsd", "product": "freebsd", "cpes": ["cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.1", "status": "affected", "lessThan": "13.1-rc-p", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T18:56:15.573345Z", "id": "CVE-2022-23085", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T18:56:18.267Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.504Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0004/", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2022-23085 (string)

assignerOrgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

state : PUBLISHED (string)

assignerShortName : freebsd (string)

dateReserved : 2022-01-10T22:07:46.040Z (string)

datePublished : 2024-02-15T04:52:17.556Z (string)

dateUpdated : 2025-02-13T16:28:59.297Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unknown (string)

modules : [ »

0 : netmap (string)

]

product : FreeBSD (string)

vendor : FreeBSD (string)

versions : [ »

0 : { »

lessThan : p1 (string)

status : affected (string)

version : 13.1-RC1 (string)

versionType : release (string)

}

1 : { »

lessThan : p11 (string)

status : affected (string)

version : 13.0-RELEASE (string)

versionType : release (string)

}

2 : { »

lessThan : p5 (string)

status : affected (string)

version : 12.3-RELEASE (string)

versionType : release (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Reno Robert (string)

}

1 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Lucas Leong (@_wmliang_) (string)

}

2 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Trend Micro Zero Day Initiative (string)

}

]

datePublic : 2022-04-06T05:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. (string)

}

]

providerMetadata : { »

orgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

shortName : freebsd (string)

dateUpdated : 2024-03-22T19:06:00.907Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

}

1 : { »

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Potential jail escape vulnerabilities in netmap (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-120 (string)

lang : en (string)

description : CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

}

]

}

]

affected : [ »

0 : { »

vendor : freebsd (string)

product : freebsd (string)

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 13.0 (string)

status : affected (string)

lessThan : 13.0_p11 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : freebsd (string)

product : freebsd (string)

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 12.3 (string)

status : affected (string)

lessThan : 12.3_p5 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : freebsd (string)

product : freebsd (string)

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 13.1 (string)

status : affected (string)

lessThan : 13.1-rc-p (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 9.8 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-07-17T18:56:15.573345Z (string)

id : CVE-2022-23085 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-07-17T18:56:18.267Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T03:28:43.504Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

}

1 : { »

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0004/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.504Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-23085", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-17T18:56:15.573345Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*"], "vendor": "freebsd", "product": "freebsd", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.0_p11", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*"], "vendor": "freebsd", "product": "freebsd", "versions": [{"status": "affected", "version": "12.3", "lessThan": "12.3_p5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:*"], "vendor": "freebsd", "product": "freebsd", "versions": [{"status": "affected", "version": "13.1", "lessThan": "13.1-rc-p", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T18:50:47.081Z"}}], "cna": {"title": "Potential jail escape vulnerabilities in netmap", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reno Robert"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lucas Leong (@_wmliang_)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Trend Micro Zero Day Initiative"}], "affected": [{"vendor": "FreeBSD", "modules": ["netmap"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "13.1-RC1", "lessThan": "p1", "versionType": "release"}, {"status": "affected", "version": "13.0-RELEASE", "lessThan": "p11", "versionType": "release"}, {"status": "affected", "version": "12.3-RELEASE", "lessThan": "p5", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2022-04-06T05:00:00.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240322-0004/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow.  This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2024-03-22T19:06:00.907Z"}}}, "cveMetadata": {"cveId": "CVE-2022-23085", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:28:59.297Z", "dateReserved": "2022-01-10T22:07:46.040Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2024-02-15T04:52:17.556Z", "assignerShortName": "freebsd"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

1 : { »

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T03:28:43.504Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 9.8 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-23085 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-07-17T18:56:15.573345Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:* (string)

]

vendor : freebsd (string)

product : freebsd (string)

versions : [ »

0 : { »

status : affected (string)

version : 13.0 (string)

lessThan : 13.0_p11 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:* (string)

]

vendor : freebsd (string)

product : freebsd (string)

versions : [ »

0 : { »

status : affected (string)

version : 12.3 (string)

lessThan : 12.3_p5 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

2 : { »

cpes : [ »

0 : cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:* (string)

]

vendor : freebsd (string)

product : freebsd (string)

versions : [ »

0 : { »

status : affected (string)

version : 13.1 (string)

lessThan : 13.1-rc-p (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-120 (string)

description : CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-07-17T18:50:47.081Z (string)

}

]

cna : { »

title : Potential jail escape vulnerabilities in netmap (string)

source : { »

discovery : UNKNOWN (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Reno Robert (string)

}

1 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Lucas Leong (@_wmliang_) (string)

}

2 : { »

lang : en (string)

type : finder (string)

user : 00000000-0000-4000-9000-000000000000 (string)

value : Trend Micro Zero Day Initiative (string)

}

]

affected : [ »

0 : { »

vendor : FreeBSD (string)

modules : [ »

0 : netmap (string)

]

product : FreeBSD (string)

versions : [ »

0 : { »

status : affected (string)

version : 13.1-RC1 (string)

lessThan : p1 (string)

versionType : release (string)

}

1 : { »

status : affected (string)

version : 13.0-RELEASE (string)

lessThan : p11 (string)

versionType : release (string)

}

2 : { »

status : affected (string)

version : 12.3-RELEASE (string)

lessThan : p5 (string)

versionType : release (string)

}

]

defaultStatus : unknown (string)

}

]

datePublic : 2022-04-06T05:00:00.000Z (string)

references : [ »

0 : { »

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

tags : [ »

0 : vendor-advisory (string)

]

}

1 : { »

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. (string)

}

]

providerMetadata : { »

orgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

shortName : freebsd (string)

dateUpdated : 2024-03-22T19:06:00.907Z (string)

}

cveMetadata : { »

cveId : CVE-2022-23085 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-13T16:28:59.297Z (string)

dateReserved : 2022-01-10T22:07:46.040Z (string)

assignerOrgId : 63664ac6-956c-4cba-a5d0-f46076e16109 (string)

datePublished : 2024-02-15T04:52:17.556Z (string)

assignerShortName : freebsd (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4497B7F-A3CF-43BD-B7AA-9D6D83612B98", "versionEndExcluding": "12.3", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*", "matchCriteriaId": "224B7627-CDDE-429A-852F-8A6066B501B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*", "matchCriteriaId": "3B6DCD8A-331E-419F-9253-C4D35C1DF54B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*", "matchCriteriaId": "4578E06C-16C6-435E-9E51-91CB02602355", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*", "matchCriteriaId": "71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*", "matchCriteriaId": "0EC87BCE-17F0-479B-84DC-516C24FBD396", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*", "matchCriteriaId": "174265E7-6B73-4546-B4C7-3826C7EB5624", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "833DFF5B-BC50-424A-ABCF-EC632F421B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "9F27016E-4117-4094-BB7A-9C56E38024D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*", "matchCriteriaId": "EC7326E3-908D-47A1-B848-3AA7F34B3DD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "B149BF69-951D-47B4-996C-9E4773DA75B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*", "matchCriteriaId": "04A0E266-714C-4753-A652-A51F25582C78", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*", "matchCriteriaId": "D133E8E0-4E88-451C-9693-5DE5C3092AD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*", "matchCriteriaId": "556111A1-C236-4DF6-9438-F9C874451A58", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*", "matchCriteriaId": "1673F16B-463A-492C-B66F-48917008F7F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*", "matchCriteriaId": "E73B211F-2CA9-47A4-B318-F24CC1C7E589", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*", "matchCriteriaId": "7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*", "matchCriteriaId": "7A942EA9-0DD3-44BC-B582-C680BA34E88F", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*", "matchCriteriaId": "689BC10B-0404-4468-B604-9D96337F9BD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*", "matchCriteriaId": "38DDAA43-3E9C-479F-8416-E3B9BE23C31B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*", "matchCriteriaId": "AE490480-1EA1-4684-A643-9749E87A8448", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC271C93-EB83-4301-B7BA-F3249B71B1EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "04329338-AC28-4A74-BE6B-CE8EC6CC37B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "ADBA841F-5C83-4759-84B7-B59DA1B12EA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "6A8F38B3-A6DA-4178-A2BD-0D4F0267C384", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*", "matchCriteriaId": "00D28E4E-022B-482E-9952-7F7F47C427C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow.  This insufficient bounds checking could lead to kernel memory corruption.\n\nOn systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment."}, {"lang": "es", "value": "Se pas\u00f3 una opci\u00f3n de entero proporcionada por el usuario a nmreq_copyin() sin comprobar si se desbordar\u00eda. Esta comprobaci\u00f3n de los l\u00edmites insuficiente podr\u00eda provocar da\u00f1os en la memoria del kernel. En sistemas configurados para incluir netmap en su devfs_ruleset, un proceso privilegiado que se ejecuta en una c\u00e1rcel puede afectar el entorno del host."}], "id": "CVE-2022-23085", "lastModified": "2024-12-09T17:27:22.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-15T05:15:09.110", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240322-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240322-0004/"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E4497B7F-A3CF-43BD-B7AA-9D6D83612B98 (string)

versionEndExcluding : 12.3 (string)

versionStartIncluding : 12.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:* (string)

matchCriteriaId : 224B7627-CDDE-429A-852F-8A6066B501B7 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:* (string)

matchCriteriaId : 3B6DCD8A-331E-419F-9253-C4D35C1DF54B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:* (string)

matchCriteriaId : 4578E06C-16C6-435E-9E51-91CB02602355 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:* (string)

matchCriteriaId : 71FA1F6C-7E53-40F8-B9E1-5FD28D5DAADA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:* (string)

matchCriteriaId : 0EC87BCE-17F0-479B-84DC-516C24FBD396 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 174265E7-6B73-4546-B4C7-3826C7EB5624 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : 7412DBD8-BB1F-48A8-AAE1-BA5C8D7BDDF7 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:* (string)

matchCriteriaId : 833DFF5B-BC50-424A-ABCF-EC632F421B76 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:* (string)

matchCriteriaId : 9F27016E-4117-4094-BB7A-9C56E38024D9 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:* (string)

matchCriteriaId : EC7326E3-908D-47A1-B848-3AA7F34B3DD3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:* (string)

matchCriteriaId : B149BF69-951D-47B4-996C-9E4773DA75B7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:* (string)

matchCriteriaId : 04A0E266-714C-4753-A652-A51F25582C78 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:* (string)

matchCriteriaId : D133E8E0-4E88-451C-9693-5DE5C3092AD2 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:* (string)

matchCriteriaId : 556111A1-C236-4DF6-9438-F9C874451A58 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:* (string)

matchCriteriaId : 1673F16B-463A-492C-B66F-48917008F7F5 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:* (string)

matchCriteriaId : E73B211F-2CA9-47A4-B318-F24CC1C7E589 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:* (string)

matchCriteriaId : 7C13DDEF-FF5F-4723-9C25-4EA66AE2CEDD (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:* (string)

matchCriteriaId : 7A942EA9-0DD3-44BC-B582-C680BA34E88F (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:* (string)

matchCriteriaId : 689BC10B-0404-4468-B604-9D96337F9BD1 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:* (string)

matchCriteriaId : 38DDAA43-3E9C-479F-8416-E3B9BE23C31B (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:* (string)

matchCriteriaId : AE490480-1EA1-4684-A643-9749E87A8448 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:* (string)

matchCriteriaId : FC271C93-EB83-4301-B7BA-F3249B71B1EA (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 04329338-AC28-4A74-BE6B-CE8EC6CC37B7 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:* (string)

matchCriteriaId : ADBA841F-5C83-4759-84B7-B59DA1B12EA8 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 6A8F38B3-A6DA-4178-A2BD-0D4F0267C384 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:* (string)

matchCriteriaId : 9BB028A0-70F6-42DA-9E5A-F7AAF74ED45B (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:* (string)

matchCriteriaId : 00D28E4E-022B-482E-9952-7F7F47C427C2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment. (string)

}

1 : { »

lang : es (string)

value : Se pasó una opción de entero proporcionada por el usuario a nmreq_copyin() sin comprobar si se desbordaría. Esta comprobación de los límites insuficiente podría provocar daños en la memoria del kernel. En sistemas configurados para incluir netmap en su devfs_ruleset, un proceso privilegiado que se ejecuta en una cárcel puede afectar el entorno del host. (string)

}

]

id : CVE-2022-23085 (string)

lastModified : 2024-12-09T17:27:22.803 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 8.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.5 (number)

impactScore : 6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2024-02-15T05:15:09.110 (string)

references : [ »

0 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

}

1 : { »

source : secteam@freebsd.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20240322-0004/ (string)

}

]

sourceIdentifier : secteam@freebsd.org (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-120 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object