ID

VAR-202202-1615


CVE

CVE-2021-43826


TITLE

Envoy  Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006007

DESCRIPTION

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. Envoy Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. No detailed vulnerability details are currently available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Service Mesh 2.0.9 security update Advisory ID: RHSA-2022:1276-01 Product: Red Hat OpenShift Service Mesh Advisory URL: https://access.redhat.com/errata/RHSA-2022:1276 Issue date: 2022-04-07 CVE Names: CVE-2020-28851 CVE-2020-28852 CVE-2021-3121 CVE-2021-3749 CVE-2021-29482 CVE-2021-29923 CVE-2021-36221 CVE-2021-43565 CVE-2021-43824 CVE-2021-43825 CVE-2021-43826 CVE-2022-21654 CVE-2022-21655 CVE-2022-23606 CVE-2022-23635 CVE-2022-24726 ===================================================================== 1. Summary: Red Hat OpenShift Service Mesh 2.0.9. Red Hat Product Security has rated this update as having a security impact of Important. 2. Relevant releases/architectures: 2.0 - ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654) * envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655) * istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824) * envoy: Use-after-free when response filters increase response data (CVE-2021-43825) * envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826) * envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606) * istio: unauthenticated control plane denial of service attack (CVE-2022-23635) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: The OpenShift Service Mesh release notes provide information on the features and known issues: https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2050744 - CVE-2021-43824 envoy: Null pointer dereference when using JWT filter safe_regex match 2050746 - CVE-2021-43825 envoy: Use-after-free when response filters increase response data 2050748 - CVE-2021-43826 envoy: Use-after-free when tunneling TCP over HTTP 2050753 - CVE-2022-21654 envoy: Incorrect configuration handling allows mTLS session re-use without re-validation 2050757 - CVE-2022-21655 envoy: Incorrect handling of internal redirects to routes with a direct response entry 2050758 - CVE-2022-23606 envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service 2057277 - CVE-2022-23635 istio: unauthenticated control plane denial of service attack 2061638 - CVE-2022-24726 istio: Unauthenticated control plane denial of service attack due to stack exhaustion 6. Package List: 2.0: Source: kiali-v1.24.7.redhat1-1.el8.src.rpm servicemesh-2.0.9-3.el8.src.rpm servicemesh-cni-2.0.9-3.el8.src.rpm servicemesh-operator-2.0.9-3.el8.src.rpm servicemesh-prometheus-2.14.0-16.el8.1.src.rpm servicemesh-proxy-2.0.9-3.el8.src.rpm ppc64le: kiali-v1.24.7.redhat1-1.el8.ppc64le.rpm servicemesh-2.0.9-3.el8.ppc64le.rpm servicemesh-cni-2.0.9-3.el8.ppc64le.rpm servicemesh-istioctl-2.0.9-3.el8.ppc64le.rpm servicemesh-mixc-2.0.9-3.el8.ppc64le.rpm servicemesh-mixs-2.0.9-3.el8.ppc64le.rpm servicemesh-operator-2.0.9-3.el8.ppc64le.rpm servicemesh-pilot-agent-2.0.9-3.el8.ppc64le.rpm servicemesh-pilot-discovery-2.0.9-3.el8.ppc64le.rpm servicemesh-prometheus-2.14.0-16.el8.1.ppc64le.rpm servicemesh-proxy-2.0.9-3.el8.ppc64le.rpm s390x: kiali-v1.24.7.redhat1-1.el8.s390x.rpm servicemesh-2.0.9-3.el8.s390x.rpm servicemesh-cni-2.0.9-3.el8.s390x.rpm servicemesh-istioctl-2.0.9-3.el8.s390x.rpm servicemesh-mixc-2.0.9-3.el8.s390x.rpm servicemesh-mixs-2.0.9-3.el8.s390x.rpm servicemesh-operator-2.0.9-3.el8.s390x.rpm servicemesh-pilot-agent-2.0.9-3.el8.s390x.rpm servicemesh-pilot-discovery-2.0.9-3.el8.s390x.rpm servicemesh-prometheus-2.14.0-16.el8.1.s390x.rpm servicemesh-proxy-2.0.9-3.el8.s390x.rpm x86_64: kiali-v1.24.7.redhat1-1.el8.x86_64.rpm servicemesh-2.0.9-3.el8.x86_64.rpm servicemesh-cni-2.0.9-3.el8.x86_64.rpm servicemesh-istioctl-2.0.9-3.el8.x86_64.rpm servicemesh-mixc-2.0.9-3.el8.x86_64.rpm servicemesh-mixs-2.0.9-3.el8.x86_64.rpm servicemesh-operator-2.0.9-3.el8.x86_64.rpm servicemesh-pilot-agent-2.0.9-3.el8.x86_64.rpm servicemesh-pilot-discovery-2.0.9-3.el8.x86_64.rpm servicemesh-prometheus-2.14.0-16.el8.1.x86_64.rpm servicemesh-proxy-2.0.9-3.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2020-28851 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-43824 https://access.redhat.com/security/cve/CVE-2021-43825 https://access.redhat.com/security/cve/CVE-2021-43826 https://access.redhat.com/security/cve/CVE-2022-21654 https://access.redhat.com/security/cve/CVE-2022-21655 https://access.redhat.com/security/cve/CVE-2022-23606 https://access.redhat.com/security/cve/CVE-2022-23635 https://access.redhat.com/security/cve/CVE-2022-24726 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYk9i6NzjgjWX9erEAQjAEhAAmnMX+Vmxv+BfSR/1KoiT5lCYoO0yCwR3 L2bDIAzohd4RaxbTxTRGGg0ibXB22Helse0hfroV/ZVQDhEcVg07QDwB7bdHknz6 hD1YtqBPLY93Vt2bvUq3XQNpv/hcxK9zngW0j4IeB4kRb0TbIz41yb+0SAKHmHqG KkcyqHeUvh/N02Rp4Ylk+B+Rcjfwwu3KJToUl+YwoajitIiu7np7qkftQ5s+uO2u nuxXdSm67L/WiaCq+LBLJpxk7zmZVtq3kTkqiokHFlSpS9NJCMDWvhpbXG1owkiV du9kUoZYa1hAIonX/URZ7HtOgwBOfaa9Jo0vwLp1GkCZEN389mo7+SkM1A/WGsdN rPwS2pe6HNNqSORHM9aoygraBTZeYyzSTCnVIRIggDbCb8DfG+WdITIEM/Jk9UFS +WSSDbJ9oVNPZtXqImtqxT+0FKHdk9My0UWWpJci3XeV6zL7+1ApcPTib7Y0sbRi XBxeV7THZdyiNHk49xE6i96z5QJFkRL/VCgBx3CaiHVqOAv27cR3O6MrP904utyh f3zUPSYIezvUgq65D13XZTruitBd4wMDTPpCqpsBM5JzLoyObKoU/KIr7oasJkbM 5gKHsNsszEfYgaqFmkao55xHHrZLt7x+WaF6dAttUAbl6AalJmEY3C9UcHYIZlGa 8V4YhC5zIXU= =/fvC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/): OSSM-1074 - Pod annotations defined in SMCP are not injected in the pods OSSM-1234 - RPM Release for Maistra 2.1.2 OSSM-303 - Control Openshift Route Creation for ingress Gateways 7

Trust: 2.43

sources: NVD: CVE-2021-43826 // JVNDB: JVNDB-2022-006007 // CNVD: CNVD-2022-15542 // VULMON: CVE-2021-43826 // PACKETSTORM: 166643 // PACKETSTORM: 166644

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-15542

AFFECTED PRODUCTS

vendor:envoyproxymodel:envoyscope:ltversion:1.19.3

Trust: 1.0

vendor:envoyproxymodel:envoyscope:ltversion:1.18.6

Trust: 1.0

vendor:envoyproxymodel:envoyscope:gteversion:1.19.0

Trust: 1.0

vendor:envoyproxymodel:envoyscope:gteversion:1.20.0

Trust: 1.0

vendor:envoyproxymodel:envoyscope:ltversion:1.21.1

Trust: 1.0

vendor:envoyproxymodel:envoyscope:ltversion:1.20.2

Trust: 1.0

vendor:envoyproxymodel:envoyscope:gteversion:1.21.0

Trust: 1.0

vendor:envoy proxymodel:envoyscope: - version: -

Trust: 0.8

vendor:envoy proxymodel:envoyscope:eqversion: -

Trust: 0.8

vendor:envoymodel:envoyscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-15542 // JVNDB: JVNDB-2022-006007 // NVD: CVE-2021-43826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43826
value: HIGH

Trust: 1.0

security-advisories@github.com: CVE-2021-43826
value: HIGH

Trust: 1.0

NVD: CVE-2021-43826
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-15542
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202202-1764
value: HIGH

Trust: 0.6

VULMON: CVE-2021-43826
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43826
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-15542
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43826
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-006007
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-15542 // VULMON: CVE-2021-43826 // JVNDB: JVNDB-2022-006007 // CNNVD: CNNVD-202202-1764 // NVD: CVE-2021-43826 // NVD: CVE-2021-43826

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

problemtype:Use of freed memory (CWE-416) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006007 // NVD: CVE-2021-43826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1764

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202202-1764

PATCH

title:Use-after-free when tunneling TCP over HTTP, if downstream disconnects during upstream connection establishment GitHuburl:https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh

Trust: 0.8

title:Patch for Envoy Resource Management Error Vulnerability (CNVD-2022-15542)url:https://www.cnvd.org.cn/patchInfo/show/322721

Trust: 0.6

title:Envoy Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183238

Trust: 0.6

title:Red Hat: url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-43826

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Service Mesh 2.1.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221275 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat OpenShift Service Mesh 2.0.9 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221276 - Security Advisory

Trust: 0.1

sources: CNVD: CNVD-2022-15542 // VULMON: CVE-2021-43826 // JVNDB: JVNDB-2022-006007 // CNNVD: CNNVD-202202-1764

EXTERNAL IDS

db:NVDid:CVE-2021-43826

Trust: 4.1

db:JVNDBid:JVNDB-2022-006007

Trust: 0.8

db:PACKETSTORMid:166644

Trust: 0.7

db:CNVDid:CNVD-2022-15542

Trust: 0.6

db:AUSCERTid:ESB-2022.1505

Trust: 0.6

db:CNNVDid:CNNVD-202202-1764

Trust: 0.6

db:VULMONid:CVE-2021-43826

Trust: 0.1

db:PACKETSTORMid:166643

Trust: 0.1

sources: CNVD: CNVD-2022-15542 // VULMON: CVE-2021-43826 // JVNDB: JVNDB-2022-006007 // PACKETSTORM: 166643 // PACKETSTORM: 166644 // CNNVD: CNNVD-202202-1764 // NVD: CVE-2021-43826

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-43826

Trust: 2.2

url:https://github.com/envoyproxy/envoy/security/advisories/ghsa-cmx3-fvgf-83mf

Trust: 1.7

url:https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2021-43826

Trust: 0.9

url:https://cxsecurity.com/cveshow/cve-2021-43826/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1505

Trust: 0.6

url:https://packetstormsecurity.com/files/166644/red-hat-security-advisory-2022-1275-01.html

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2022:1275

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21654

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43825

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24726

Trust: 0.2

url:https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-43825

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23635

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23606

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21654

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24726

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21655

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23635

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43824

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21655

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23606

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-43824

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1276

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29482

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

sources: CNVD: CNVD-2022-15542 // VULMON: CVE-2021-43826 // JVNDB: JVNDB-2022-006007 // PACKETSTORM: 166643 // PACKETSTORM: 166644 // CNNVD: CNNVD-202202-1764 // NVD: CVE-2021-43826

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 166643 // PACKETSTORM: 166644

SOURCES

db:CNVDid:CNVD-2022-15542
db:VULMONid:CVE-2021-43826
db:JVNDBid:JVNDB-2022-006007
db:PACKETSTORMid:166643
db:PACKETSTORMid:166644
db:CNNVDid:CNNVD-202202-1764
db:NVDid:CVE-2021-43826

LAST UPDATE DATE

2024-08-14T12:13:46.098000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-15542date:2022-03-01T00:00:00
db:VULMONid:CVE-2021-43826date:2022-03-02T00:00:00
db:JVNDBid:JVNDB-2022-006007date:2023-06-26T00:52:00
db:CNNVDid:CNNVD-202202-1764date:2022-04-13T00:00:00
db:NVDid:CVE-2021-43826date:2022-03-02T15:23:00.960

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-15542date:2022-03-01T00:00:00
db:VULMONid:CVE-2021-43826date:2022-02-22T00:00:00
db:JVNDBid:JVNDB-2022-006007date:2023-06-26T00:00:00
db:PACKETSTORMid:166643date:2022-04-08T15:05:23
db:PACKETSTORMid:166644date:2022-04-08T15:06:03
db:CNNVDid:CNNVD-202202-1764date:2022-02-22T00:00:00
db:NVDid:CVE-2021-43826date:2022-02-22T23:15:10.957