CVE-2022-2469

3.8LOW

Key Information

Vendor
Gnu
Status
Gnu Sasl
Vendor
CVE Published:
19 July 2022

Summary

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

Affected Version(s)

GNU SASL = >=0.0.0, <2.0.1

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: 8.1 to: 3.8 - (LOW)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Simon Josefsson
.