Debian DLA-3276-1 : lava – LTS security update
Discription
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3276 advisory.
– In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. (CVE-2022-44641)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024429https://security-tracker.debian.org/tracker/source-package/lavahttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44641https://security-tracker.debian.org/tracker/CVE-2022-44641https://www.debian.org/lts/security/2023/dla-3276https://packages.debian.org/source/buster/lavaCVSS3
- Attack Vector
- Attack Complexity
- Privileges Required
- User Interaction
- Scope
- Confidentiality Impact
- Integrity Impact
- Availability Impact
- Network
- Low
- Low
- None
- Unchanged
- None
- None
- High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Back to Main