{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27239", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T05:25:32.591Z", "dateReserved": "2022-03-18T00:00:00", "datePublished": "2022-04-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-24T15:06:24.937043"}, "descriptions": [{"lang": "en", "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"}, {"url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"}, {"url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"}, {"url": "https://github.com/piastry/cifs-utils/pull/7"}, {"name": "FEDORA-2022-eb2d3ca94d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"}, {"name": "FEDORA-2022-7fda04ab5a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"}, {"name": "FEDORA-2022-34de4f833d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"}, {"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"}, {"name": "DSA-5157", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5157"}, {"name": "GLSA-202311-05", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-05"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:25:32.591Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216", "tags": ["x_transferred"]}, {"url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba", "tags": ["x_transferred"]}, {"url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765", "tags": ["x_transferred"]}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=15025", "tags": ["x_transferred"]}, {"url": "https://github.com/piastry/cifs-utils/pull/7", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-eb2d3ca94d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"}, {"name": "FEDORA-2022-7fda04ab5a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"}, {"name": "FEDORA-2022-34de4f833d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"}, {"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"}, {"name": "DSA-5157", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5157"}, {"name": "GLSA-202311-05", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202311-05"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "A994C1D7-9394-43A0-976B-246980F5E77E", "versionEndExcluding": "6.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AB27A2D-549C-450E-A09E-B3316895F052", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B20D44D-F87E-4692-8E04-695683F1ECE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7305944-AC9C-47A3-AADF-71A8B24830D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "694479D9-16C8-4B60-A4D3-975D9E0A7F53", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B264EB20-49EA-4819-A92B-0748AEFFAC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9910C73A-3BCD-4F56-8C7D-79CB289640A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0156BFA-9E83-43E6-9C73-9711AD054B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CAC2D0A4-56F8-4ED6-91E2-78434A016C5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "450A3B3F-F26D-4EAB-BF5D-4C906C4A99DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD5BDD59-5008-4DDC-B805-BB6B7DE8E1A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A69D3CCD-6590-46EF-9D3F-E903AB78E3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E46DEFD-659D-4D8F-BCD8-6B8A022F8FB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1532304-0EA2-4816-B481-C87C7386DC88", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C3BEB21-4080-4258-B95C-562D717AED0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "83F8A7D8-FD3E-4C36-AB2A-A61449BF38C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1675CBE5-44D3-4326-AE8B-EEB9E25D783A", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*", "matchCriteriaId": "ACB76FF0-B939-42E9-842B-171E929F317D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*", "matchCriteriaId": "F648F64B-C3F2-4B14-906D-E48345303F0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*", "matchCriteriaId": "F8C8AD43-557D-4285-BA46-9C5785F53229", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*", "matchCriteriaId": "6CFA8943-A151-4E16-962D-75F1CB0C3C41", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*", "matchCriteriaId": "89C89474-3F7A-499E-8E7C-25952584A68C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "CA2E84A0-A9ED-411B-9963-647D8A95D3D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*", "matchCriteriaId": "455B5F70-FDA0-4AE3-9C62-F0BC8E6C3D85", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "A0E17861-F7C2-479B-B687-42419ADED014", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*", "matchCriteriaId": "75A0B727-33A9-416B-9E83-5103ABE856B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*", "matchCriteriaId": "D0E679A3-3EAC-4603-BD89-E04EE26845B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*", "matchCriteriaId": "EACDFD9B-C423-4FD1-B9AA-0D6D7D93CB36", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*", "matchCriteriaId": "825D86FE-87DA-4389-8097-D7CF34718CB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "4B0AC584-5E26-4ACE-BC19-9E69A302F238", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*", "matchCriteriaId": "93A9AC01-6C1F-4025-BD7C-E02C4E3D0CD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*", "matchCriteriaId": "16729D9C-DC05-41BD-9B32-682983190CE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*", "matchCriteriaId": "EA9DC756-8E39-4AB6-B9D4-2A4100FF8D04", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*", "matchCriteriaId": "77F1991E-E0D6-4BDE-BDF0-D34D6E67AAD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*", "matchCriteriaId": "C6622CD4-DF4B-4064-BAEB-5E382C4B05C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*", "matchCriteriaId": "E279968E-C62B-4888-899A-2BF57E8F8692", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*", "matchCriteriaId": "65709414-EAE0-4EA7-9C5F-EBDA80FF2A9D", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "7E05EE7E-993C-4107-9A15-EBE0D2268239", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*", "matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*", "matchCriteriaId": "88FFABAC-A728-4172-9A1E-2B84E82219D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*", "matchCriteriaId": "B1065E14-69B3-4643-ACF7-3C14BF07C783", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*", "matchCriteriaId": "26FDBC27-D993-4A93-BC70-753FA21F4C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "55A521F2-51C3-4356-A8D6-BD5A1BD60C85", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*", "matchCriteriaId": "A256B5D1-49D2-4363-AAD6-30FD32F0D132", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "6E1420DB-3DF2-4A95-B703-913D67727295", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*", "matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*", "matchCriteriaId": "72FDB554-E771-42DA-8B9E-DB5CB545A660", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "6C734CEC-64F2-4129-B52E-C81884B3AC9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "541BB602-443D-4D8E-A46F-5EC4A9702E17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."}, {"lang": "es", "value": "En cifs-utils versiones hasta 6.14, un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria cuando es analizado el argumento de l\u00ednea de comandos mount.cifs ip= podr\u00eda conllevar a que atacantes locales obtuvieran privilegios de root"}], "id": "CVE-2022-27239", "lastModified": "2024-11-21T06:55:28.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-27T14:15:09.203", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/piastry/cifs-utils/pull/7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202311-05"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/piastry/cifs-utils/pull/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5157"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2023:3052", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "cifs-utils-0:7.0-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}], "bugzilla": {"description": "cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root", "id": "2081040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081040"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.", "A stack-based buffer overflow issue was found in cifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges."], "name": "CVE-2022-27239", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cifs-utils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "cifs-utils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "cifs-utils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-04-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-27239\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27239"], "statement": "The mount.cifs binary file is shipped without setuid privileges as default which prevents an attacker to gain root privileges hence lowering the flaw impact.", "threat_severity": "Moderate"}