{"containers": {"cna": {"affected": [{"product": "podman", "vendor": "n/a", "versions": [{"status": "affected", "version": "podman 1.6.4-32.el7_9"}]}], "descriptions": [{"lang": "en", "value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T20:50:57", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-2738"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.079Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-2738"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2738", "datePublished": "2022-09-01T20:50:57", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-08-03T00:46:04.079Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:podman_project:podman:1.6.4-32.el7_9:*:*:*:*:*:*:*", "matchCriteriaId": "341CA287-E1F2-41B1-AB2E-E77794909734", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."}, {"lang": "es", "value": "La versi\u00f3n de podman publicada para Red Hat Enterprise Linux 7 Extras por medio del aviso RHSA-2022:2190 inclu\u00eda una versi\u00f3n incorrecta de podman que carec\u00eda de la correcci\u00f3n para CVE-2020-8945, que fue previamente corregida por medio de RHSA-2020:2117. Este problema podr\u00eda usarse para bloquear o causar una posible ejecuci\u00f3n de c\u00f3digo en aplicaciones Go que usan la biblioteca envolvente Go GPGME, bajo determinadas condiciones, durante la verificaci\u00f3n de la firma GPG"}], "id": "CVE-2022-2738", "lastModified": "2024-11-21T07:01:36.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-01T21:15:09.703", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2738"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2738"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:6119", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "podman-0:1.6.4-36.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2022-08-22T00:00:00Z"}], "bugzilla": {"description": "podman: Security regression of CVE-2020-8945 due to source code management issue", "id": "2116923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116923"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.", "The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification."], "name": "CVE-2022-2738", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2738\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2738"], "statement": "This issue only affects a single version of podman, 1.6.4-32.el7_9, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.", "threat_severity": "Moderate"}