~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apport Project
  • Apport
Canonical
  • Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

No data.

References
Link Providers
https://ubuntu.com/security/notices/USN-5427-1 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-28652 cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2024-08-05T17:47:51.218Z

Reserved: 2022-04-05T02:16:30.818Z

Link: CVE-2022-28652

cve-icon Vulnrichment

Updated: 2024-08-03T05:56:16.323Z

cve-icon NVD

Status : Modified

Published: 2024-06-04T22:15:09.780

Modified: 2024-11-21T06:57:39.520

Link: CVE-2022-28652

cve-icon Redhat

No data.