{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47085", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T14:47:28.781Z", "dateReserved": "2022-12-12T00:00:00.000Z", "datePublished": "2023-07-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/ostreedev/ostree/issues/2775"}, {"url": "https://doc.rust-lang.org/std/macro.eprintln.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:28.781Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/ostreedev/ostree/issues/2775", "tags": ["x_transferred"]}, {"url": "https://doc.rust-lang.org/std/macro.eprintln.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ostree_project:ostree:*:*:*:*:*:rust:*:*", "matchCriteriaId": "F2A5DB59-DB71-49DA-A2B0-ACEE36D4343A", "versionEndExcluding": "2022.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs."}], "id": "CVE-2022-47085", "lastModified": "2024-11-21T07:31:28.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-18T14:15:12.263", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://doc.rust-lang.org/std/macro.eprintln.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ostreedev/ostree/issues/2775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://doc.rust-lang.org/std/macro.eprintln.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ostreedev/ostree/issues/2775"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ostree: DoS via print_panic function", "id": "2251641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251641"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.", "A flaw was found in print_panic function in the repo_checkout_filter.rs in ostree. By sending a specially crafted request, a remote attacker could cause a denial of service."], "name": "CVE-2022-47085", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ostree", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "ostree", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ostree", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "ostree", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-11-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-47085\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-47085"], "statement": "This flaw is triggered by handling malicious input (via the print_panic function) causing denial of service, where the overall impact is considered minimal.\nThe ostree versions as distributed with Red Hat Enterprise Linux 8 and 9 are not vulnerable to this flaw as further analysis showed both Red Hat Enterprise Linux were already shipping ostree 2022.7 which already contained the changes to eliminate this vulnerability from the code base. Additionally the vulnerable code path is not exposed to any attacker controlled input, closing the attack surface involved in this CVE.", "threat_severity": "Moderate"}

{}