{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2663", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T00:46:04.030Z", "dateReserved": "2022-08-04T00:00:00", "datePublished": "2022-09-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured."}], "affected": [{"vendor": "n/a", "product": "Linux kernel", "versions": [{"version": "unknown", "status": "affected"}]}], "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"}, {"url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"}, {"url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"}, {"name": "DSA-5257", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-923", "cweId": "CWE-923"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.030Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/08/30/1", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663", "tags": ["x_transferred"]}, {"url": "https://www.youtube.com/watch?v=WIq-YgQuYCA", "tags": ["x_transferred"]}, {"name": "DSA-5257", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured."}, {"lang": "es", "value": "Se ha encontrado un problema en el kernel de Linux en la funci\u00f3n nf_conntrack_irc en el que el manejo de los mensajes puede confundirse y hacerlos coincidir incorrectamente. Se ha encontrado un problema en el kernel de Linux en nf_conntrack_irc donde el manejo de mensajes puede confundirse y coincidir incorrectamente con el mensaje"}], "id": "CVE-2022-2663", "lastModified": "2024-11-21T07:01:28.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:09.653", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}, {"source": "secalert@redhat.com", "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-923"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2736", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.10.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-07T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2148", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2024:0724", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.91.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-02-07T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: nf_conntrack_irc message handling issue", "id": "2123056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123056"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-923", "details": ["An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.", "A flaw was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass firewall when users are using unencrypted IRC with nf_conntrack_irc configured."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the module nf_conntrack_irc from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2022-2663", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-08-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2663\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2663\nhttps://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T/"], "threat_severity": "Moderate"}