CVE-2022-1117

{"id": "CVE-2022-1117", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2022-08-29T15:15:10.357", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-1117", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066904", "tags": ["Permissions Required", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068171", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/linux-application-whitelisting/fapolicyd/commit/38a942613f93824c53164730b2b7a2f75b8cd263", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en fapolicyd. La vulnerabilidad se produce debido a una suposici\u00f3n sobre c\u00f3mo glibc nombra al enlazador en tiempo de ejecuci\u00f3n, una expresi\u00f3n regular en tiempo de compilaci\u00f3n puede no detectar correctamente el enlazador en tiempo de ejecuci\u00f3n. La consecuencia es que la detecci\u00f3n de patrones para las aplicaciones lanzadas por el enlazador en tiempo de ejecuci\u00f3n puede fallar al detectar el patr\u00f3n y permitir la ejecuci\u00f3n"}], "lastModified": "2023-02-12T22:15:23.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fapolicyd_project:fapolicyd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77ED18CE-3E85-47C5-B5D3-9F2A846C75E5", "versionEndExcluding": "1.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}