Details of VAR-202204-0432

ID

VAR-202204-0432

CVE

CVE-2022-24070

TITLE

Subversion of mod_dav_svn Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009515

DESCRIPTION

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. ========================================================================== Ubuntu Security Notice USN-5372-1 April 12, 2022 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Subversion. Software Description: - subversion: Advanced version control system Details: Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Wei\xdfschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libapache2-mod-svn 1.14.1-3ubuntu0.1 libsvn-java 1.14.1-3ubuntu0.1 libsvn-perl 1.14.1-3ubuntu0.1 libsvn1 1.14.1-3ubuntu0.1 python3-subversion 1.14.1-3ubuntu0.1 ruby-svn 1.14.1-3ubuntu0.1 subversion 1.14.1-3ubuntu0.1 subversion-tools 1.14.1-3ubuntu0.1 Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.1 libsvn-java 1.13.0-3ubuntu0.1 libsvn-perl 1.13.0-3ubuntu0.1 libsvn1 1.13.0-3ubuntu0.1 python-subversion 1.13.0-3ubuntu0.1 ruby-svn 1.13.0-3ubuntu0.1 subversion 1.13.0-3ubuntu0.1 subversion-tools 1.13.0-3ubuntu0.1 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2022:2234-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2234 Issue date: 2022-05-12 CVE Names: CVE-2022-24070 ==================================================================== 1. Summary: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix(es): * subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol. 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.src.rpm subversion-1.10.2-5.module+el8.6.0+15157+188c9801.src.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.src.rpm aarch64: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.aarch64.rpm mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-debugsource-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-devel-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-gnome-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-libs-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-perl-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm subversion-tools-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.aarch64.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.aarch64.rpm noarch: subversion-javahl-1.10.2-5.module+el8.6.0+15157+188c9801.noarch.rpm ppc64le: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.ppc64le.rpm mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-debugsource-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-devel-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-libs-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-perl-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm subversion-tools-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.ppc64le.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.ppc64le.rpm s390x: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.s390x.rpm mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm mod_dav_svn-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-debugsource-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-devel-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-gnome-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-libs-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-perl-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm subversion-tools-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.s390x.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.s390x.rpm x86_64: libserf-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.3.0+6671+2675c974.x86_64.rpm mod_dav_svn-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-debugsource-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-devel-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-devel-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-gnome-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-gnome-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-libs-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-libs-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-perl-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-perl-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-tools-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm subversion-tools-debuginfo-1.10.2-5.module+el8.6.0+15157+188c9801.x86_64.rpm utf8proc-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.3.0+6671+2675c974.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24070 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. CVE-2022-24070 Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request). For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3. For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1. We recommend that you upgrade your subversion packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-07-20-2 macOS Monterey 12.5 macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345. APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03) AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36) Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36) AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom) Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom) CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg) File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom) iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit) Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn) libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823 Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t) PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0) SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0) Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin) Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu) subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance Additional recognition 802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance. AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Calendar We would like to acknowledge Joshua Jones for their assistance. configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. DiskArbitration We would like to acknowledge Mike Cush for their assistance. macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // PACKETSTORM: 166704 // PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 169362 // PACKETSTORM: 167165 // PACKETSTORM: 167126 // PACKETSTORM: 167244 // PACKETSTORM: 167787

AFFECTED PRODUCTS

vendor:	apache	model:	subversion	scope:	lt	version:	1.14.2	Trust: 1.0
vendor:	apache	model:	subversion	scope:	lt	version:	1.10.8	Trust: 1.0
vendor:	apache	model:	subversion	scope:	gte	version:	1.10.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apache	model:	subversion	scope:	gte	version:	1.14.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	subversion	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009515 // NVD: CVE-2022-24070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24070
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24070
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-2957
value:	HIGH
Trust: 0.6
VULHUB:	VHN-413621
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-24070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-24070
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-413621
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-24070
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24070
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // CNNVD: CNNVD-202204-2957 // NVD: CVE-2022-24070

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-413621 // JVNDB: JVNDB-2022-009515 // NVD: CVE-2022-24070

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 166704 // CNNVD: CNNVD-202204-2957

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2957

PATCH

title:	HT213345	url:	https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife	Trust: 0.8
title:	Apache Subversion Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190233	Trust: 0.6
title:	Ubuntu Security Notice: USN-5372-1: Subversion vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5372-1	Trust: 0.1
title:	Ubuntu Security Notice: USN-5450-1: Subversion vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5450-1	Trust: 0.1
title:	Red Hat: Important: subversion:1.14 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224722 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222236 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222234 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.14 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224941 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224591 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222237 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: subversion:1.10 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222222 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5119-1 subversion -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=92807168ef39b4ee91e68837b0467938	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-24070	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-076	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-076	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-149	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-149	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // CNNVD: CNNVD-202204-2957

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24070	Trust: 4.2
db:	PACKETSTORM	id:	167165	Trust: 0.8
db:	PACKETSTORM	id:	167244	Trust: 0.8
db:	PACKETSTORM	id:	167455	Trust: 0.8
db:	PACKETSTORM	id:	167159	Trust: 0.8
db:	PACKETSTORM	id:	167787	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-009515	Trust: 0.8
db:	PACKETSTORM	id:	167280	Trust: 0.7
db:	PACKETSTORM	id:	167374	Trust: 0.7
db:	PACKETSTORM	id:	166704	Trust: 0.7
db:	CS-HELP	id:	SB2022041263	Trust: 0.6
db:	CS-HELP	id:	SB2022051234	Trust: 0.6
db:	CS-HELP	id:	SB2022051741	Trust: 0.6
db:	CS-HELP	id:	SB2022052711	Trust: 0.6
db:	CS-HELP	id:	SB2022060923	Trust: 0.6
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	CS-HELP	id:	SB2022041402	Trust: 0.6
db:	CS-HELP	id:	SB2022052804	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1641	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2525	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2639	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3559	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1596	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2345	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2848	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2377	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2957	Trust: 0.6
db:	PACKETSTORM	id:	167126	Trust: 0.2
db:	PACKETSTORM	id:	167158	Trust: 0.1
db:	CNVD	id:	CNVD-2022-38524	Trust: 0.1
db:	VULHUB	id:	VHN-413621	Trust: 0.1
db:	VULMON	id:	CVE-2022-24070	Trust: 0.1
db:	PACKETSTORM	id:	169362	Trust: 0.1

sources: VULHUB: VHN-413621 // VULMON: CVE-2022-24070 // JVNDB: JVNDB-2022-009515 // PACKETSTORM: 166704 // PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 169362 // PACKETSTORM: 167165 // PACKETSTORM: 167126 // PACKETSTORM: 167244 // PACKETSTORM: 167787 // CNNVD: CNNVD-202204-2957 // NVD: CVE-2022-24070

REFERENCES

url:	https://www.debian.org/security/2022/dsa-5119	Trust: 1.9
url:	https://support.apple.com/kb/ht213345	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2022/jul/18	Trust: 1.8
url:	https://bz.apache.org/bugzilla/show_bug.cgi?id=65861	Trust: 1.8
url:	https://cwiki.apache.org/confluence/display/httpd/modulelife	Trust: 1.8
url:	https://issues.apache.org/jira/browse/svn-4880	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24070	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2022-24070	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.2525	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3559	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-24070/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052804	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1596	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2848	Trust: 0.6
url:	https://packetstormsecurity.com/files/167165/red-hat-security-advisory-2022-2236-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060923	Trust: 0.6
url:	https://support.apple.com/en-us/ht213345	Trust: 0.6
url:	https://packetstormsecurity.com/files/167244/red-hat-security-advisory-2022-4722-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167374/red-hat-security-advisory-2022-4591-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167280/ubuntu-security-notice-usn-5450-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167455/red-hat-security-advisory-2022-4941-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2377	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051741	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052711	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-subversion-memory-corruption-via-mod-dav-svn-38023	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1641	Trust: 0.6
url:	https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041263	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2639	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://packetstormsecurity.com/files/167159/red-hat-security-advisory-2022-2234-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041402	Trust: 0.6
url:	https://packetstormsecurity.com/files/166704/ubuntu-security-notice-usn-5372-1.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051234	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2345	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28544	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5372-1	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/416.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2234	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4941	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/subversion	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2236	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2222	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4722	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2294	Trust: 0.1
url:	https://support.apple.com/ht213345.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32786	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32792	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29046	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29048	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32787	Trust: 0.1
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.1

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 167159 // PACKETSTORM: 167455 // PACKETSTORM: 167165 // PACKETSTORM: 167126 // PACKETSTORM: 167244

SOURCES

db:	VULHUB	id:	VHN-413621
db:	VULMON	id:	CVE-2022-24070
db:	JVNDB	id:	JVNDB-2022-009515
db:	PACKETSTORM	id:	166704
db:	PACKETSTORM	id:	167159
db:	PACKETSTORM	id:	167455
db:	PACKETSTORM	id:	169362
db:	PACKETSTORM	id:	167165
db:	PACKETSTORM	id:	167126
db:	PACKETSTORM	id:	167244
db:	PACKETSTORM	id:	167787
db:	CNNVD	id:	CNNVD-202204-2957
db:	NVD	id:	CVE-2022-24070

LAST UPDATE DATE

2024-09-17T20:25:30.239000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-413621	date:	2022-10-28T00:00:00
db:	VULMON	id:	CVE-2022-24070	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009515	date:	2023-08-07T01:41:00
db:	CNNVD	id:	CNNVD-202204-2957	date:	2022-07-25T00:00:00
db:	NVD	id:	CVE-2022-24070	date:	2023-11-07T03:44:22.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-413621	date:	2022-04-12T00:00:00
db:	VULMON	id:	CVE-2022-24070	date:	2022-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009515	date:	2023-08-07T00:00:00
db:	PACKETSTORM	id:	166704	date:	2022-04-13T15:00:52
db:	PACKETSTORM	id:	167159	date:	2022-05-12T16:35:42
db:	PACKETSTORM	id:	167455	date:	2022-06-09T16:10:49
db:	PACKETSTORM	id:	169362	date:	2022-04-28T19:12:00
db:	PACKETSTORM	id:	167165	date:	2022-05-13T16:05:30
db:	PACKETSTORM	id:	167126	date:	2022-05-12T15:44:49
db:	PACKETSTORM	id:	167244	date:	2022-05-24T17:34:17
db:	PACKETSTORM	id:	167787	date:	2022-07-22T16:22:49
db:	CNNVD	id:	CNNVD-202204-2957	date:	2022-04-12T00:00:00
db:	NVD	id:	CVE-2022-24070	date:	2022-04-12T18:15:09.137