Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-1664 (GCVE-0-2022-1664)
Vulnerability from cvelistv5 – Published: 2022-05-26 08:20 – Updated: 2024-09-17 02:16
VLAI?
EPSS
Title
directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Severity ?
No CVSS data available.
CWE
- directory traversal
Assigner
References
Date Public ?
2022-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpkg",
"vendor": "Debian",
"versions": [
{
"changes": [
{
"at": "1.20.10",
"status": "unaffected"
},
{
"at": "1.19.8",
"status": "unaffected"
},
{
"at": "1.18.26",
"status": "unaffected"
}
],
"lessThan": "1.21.8",
"status": "affected",
"version": "1.14.17",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"source": {
"advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
"defect": [
"DSA-5147-1"
],
"discovery": "EXTERNAL"
},
"title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2022-1664",
"datePublished": "2022-05-26T08:20:15.198Z",
"dateReserved": "2022-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:16:10.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.14.17\", \"versionEndExcluding\": \"1.18.26\", \"matchCriteriaId\": \"9046EF14-F981-4DC1-9158-55BA8C7BEE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.19.0\", \"versionEndExcluding\": \"1.19.8\", \"matchCriteriaId\": \"F7C0D9DB-F9DD-49B3-B62D-A25E034FB370\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.20.0\", \"versionEndExcluding\": \"1.20.10\", \"matchCriteriaId\": \"F03A306C-0A44-4954-AE36-F24AF7F45470\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.8\", \"matchCriteriaId\": \"639EB115-366E-4B3F-83A0-909C406FC009\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n Dpkg::Source::Archive en dpkg, el sistema de administraci\\u00f3n de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extra\\u00eddos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracci\\u00f3n en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente dise\\u00f1ados\"}]",
"id": "CVE-2022-1664",
"lastModified": "2024-11-21T06:41:12.497",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-05-26T14:15:08.010",
"references": "[{\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2022/msg00115.html\", \"source\": \"security@debian.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221007-0002/\", \"source\": \"security@debian.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2022/msg00115.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221007-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1664\",\"sourceIdentifier\":\"security@debian.org\",\"published\":\"2022-05-26T14:15:08.010\",\"lastModified\":\"2024-11-21T06:41:12.497\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n Dpkg::Source::Archive en dpkg, el sistema de administraci\u00f3n de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extra\u00eddos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracci\u00f3n en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente dise\u00f1ados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.14.17\",\"versionEndExcluding\":\"1.18.26\",\"matchCriteriaId\":\"9046EF14-F981-4DC1-9158-55BA8C7BEE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.8\",\"matchCriteriaId\":\"F7C0D9DB-F9DD-49B3-B62D-A25E034FB370\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"F03A306C-0A44-4954-AE36-F24AF7F45470\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.8\",\"matchCriteriaId\":\"639EB115-366E-4B3F-83A0-909C406FC009\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]}],\"references\":[{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-security-announce/2022/msg00115.html\",\"source\":\"security@debian.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221007-0002/\",\"source\":\"security@debian.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-security-announce/2022/msg00115.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221007-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2022-1664
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1664",
"description": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"id": "GSD-2022-1664",
"references": [
"https://www.debian.org/security/2022/dsa-5147",
"https://www.suse.com/security/cve/CVE-2022-1664.html",
"https://ubuntu.com/security/CVE-2022-1664",
"https://advisories.mageia.org/CVE-2022-1664.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1664"
],
"details": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"id": "GSD-2022-1664",
"modified": "2023-12-13T01:19:27.776690Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2022-05-25T00:00:00.000Z",
"ID": "CVE-2022-1664",
"STATE": "PUBLIC",
"TITLE": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpkg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.14.17",
"version_value": "1.21.8"
},
{
"version_affected": "\u003c",
"version_name": "1.14.17",
"version_value": "1.20.10"
},
{
"version_affected": "\u003c",
"version_name": "1.14.17",
"version_value": "1.19.8"
},
{
"version_affected": "\u003c",
"version_name": "1.14.17",
"version_value": "1.18.26"
}
]
}
}
]
},
"vendor_name": "Debian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b",
"refsource": "MISC",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5",
"refsource": "MISC",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495",
"refsource": "MISC",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be",
"refsource": "MISC",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"name": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221007-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
]
},
"source": {
"advisory": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
"defect": [
"DSA-5147-1"
],
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.21.8",
"versionStartIncluding": "1.21.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.20.10",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.19.8",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.26",
"versionStartIncluding": "1.14.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2022-1664"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.debian.org/debian-security-announce/2022/msg00115.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"name": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221007-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-12-03T02:19Z",
"publishedDate": "2022-05-26T14:15Z"
}
}
}
FKIE_CVE-2022-1664
Vulnerability from fkie_nvd - Published: 2022-05-26 14:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be | Mailing List, Patch, Vendor Advisory | |
| security@debian.org | https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html | Mailing List, Vendor Advisory | |
| security@debian.org | https://lists.debian.org/debian-security-announce/2022/msg00115.html | Mailing List, Vendor Advisory | |
| security@debian.org | https://security.netapp.com/advisory/ntap-20221007-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-security-announce/2022/msg00115.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221007-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | dpkg | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | ontap_select_deploy_administration_utility | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9046EF14-F981-4DC1-9158-55BA8C7BEE98",
"versionEndExcluding": "1.18.26",
"versionStartIncluding": "1.14.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C0D9DB-F9DD-49B3-B62D-A25E034FB370",
"versionEndExcluding": "1.19.8",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F03A306C-0A44-4954-AE36-F24AF7F45470",
"versionEndExcluding": "1.20.10",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "639EB115-366E-4B3F-83A0-909C406FC009",
"versionEndExcluding": "1.21.8",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs."
},
{
"lang": "es",
"value": "La funci\u00f3n Dpkg::Source::Archive en dpkg, el sistema de administraci\u00f3n de paquetes de Debian, versiones anteriores a 1.21.8, 1.20.10, 1.19.8, 1.18.26, es propenso a una vulnerabilidad de salto de directorio. Cuando son extra\u00eddos paquetes fuente no confiables en formatos de paquetes fuente v2 y v3 que incluyen un debian.tar, la extracci\u00f3n en el lugar puede conllevar a situaciones de salto de directorio en los tarballs orig.tar y debian.tar especialmente dise\u00f1ados"
}
],
"id": "CVE-2022-1664",
"lastModified": "2024-11-21T06:41:12.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T14:15:08.010",
"references": [
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0002/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VDE-2023-001
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2023-02-14 07:50 - Updated: 2025-06-05 13:28Summary
PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware
Notes
Summary: A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.
In addition, the following improvements have been implemented:
HMI
- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.
WBM
- Umlauts in the password of the 'User Manager' were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.
User Manager
- In security notifications 'SecurityToken' was always displayed as '0000000' when creating or modifying users.- Hardening of Trust and Identity Stores.
Impact: Please consult the CVE entries listed above.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Remediation: Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
CWE-20 - Improper Input Validation
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Git is an open source, scalable, distributed revision control system. 'git shell' is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an 'int' to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to 'execv()', it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to 'git shell' as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling 'git shell' access via remote logins is a viable short-term workaround.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's '$GIT_DIR/objects' directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via '--no-hardlinks'). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the '--recurse-submodules' option. Git does not create symbolic links in the '$GIT_DIR/objects' directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the '--local' optimization when on a shared machine, either by passing the '--no-local' option to 'git clone' or cloning from a URL that uses the 'file://' scheme. Alternatively, avoid cloning repositories from untrusted sources with '--recurse-submodules' or run 'git config --global protocol.file.allow user'.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
6.6 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
5.9 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A malicious server can serve excessive amounts of 'Set-Cookie:' headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on 'foo.example.com' can set cookies that also would match for 'bar.example.com', making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.\nIn addition, the following improvements\u00a0have been implemented:\nHMI\n- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.\nWBM\n- Umlauts in the password of the \u0027User Manager\u0027 were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.\nUser Manager\n- In security notifications \u0027SecurityToken\u0027 was always displayed as \u00270000000\u0027 when creating or modifying users.- Hardening of Trust and Identity Stores.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVE entries listed above.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-001/"
},
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-001.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2023-001"
],
"current_release_date": "2025-06-05T13:28:12.000Z",
"generator": {
"date": "2025-05-08T11:33:36.410Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2023-001",
"initial_release_date": "2023-02-14T07:50:00.000Z",
"revision_history": [
{
"date": "2023-02-14T07:50:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-06-05T13:28:12.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2023.0.0 LTS",
"product": {
"name": "Firmware \u003c2023.0.0 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2023.0.0 LTS",
"product": {
"name": "Firmware 2023.0.0 LTS",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30065",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "A use-after-free in Busybox 1.35-x\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-30065"
},
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-35252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-1664",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1664"
},
{
"cve": "CVE-2022-1304",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1304"
},
{
"cve": "CVE-2022-29187",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "description",
"text": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-29187"
},
{
"cve": "CVE-2022-39260",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. \u0027git shell\u0027 is a restricted login shell that can be used to implement Git\u0027s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an \u0027int\u0027 to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to \u0027execv()\u0027, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to \u0027git shell\u0027 as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling \u0027git shell\u0027 access via remote logins is a viable short-term workaround.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39260"
},
{
"cve": "CVE-2022-39253",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source\u0027s \u0027$GIT_DIR/objects\u0027 directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via \u0027--no-hardlinks\u0027). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim\u0027s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the \u0027--recurse-submodules\u0027 option. Git does not create symbolic links in the \u0027$GIT_DIR/objects\u0027 directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the \u0027--local\u0027 optimization when on a shared machine, either by passing the \u0027--no-local\u0027 option to \u0027git clone\u0027 or cloning from a URL that uses the \u0027file://\u0027 scheme. Alternatively, avoid cloning repositories from untrusted sources with \u0027--recurse-submodules\u0027 or run \u0027git config --global protocol.file.allow user\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2022-42915",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-2509",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2509"
},
{
"cve": "CVE-2021-46828",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-46828"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-1015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1015"
},
{
"cve": "CVE-2022-1016",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \u0027return\u0027 with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1016"
},
{
"cve": "CVE-2022-1348",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1348"
},
{
"cve": "CVE-2022-2097",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-42919",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2002-20001",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2002-20001"
},
{
"cve": "CVE-2022-40617",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40617"
},
{
"cve": "CVE-2022-43995",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43995"
},
{
"cve": "CVE-2022-2522",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2522"
},
{
"cve": "CVE-2022-2571",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2571"
},
{
"cve": "CVE-2022-2580",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2580"
},
{
"cve": "CVE-2022-2581",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2581"
},
{
"cve": "CVE-2022-2598",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2598"
},
{
"cve": "CVE-2022-3234",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3234"
},
{
"cve": "CVE-2022-3235",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3235"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-3256",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0530.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3256"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-3278",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3278"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-3296",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3296"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-3297",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0579.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3297"
},
{
"cve": "CVE-2022-3324",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3324"
},
{
"cve": "CVE-2022-3352",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3352"
},
{
"cve": "CVE-2022-3705",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3705"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2304",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2304"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2257"
}
]
}
OPENSUSE-SU-2024:12110-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
dpkg-1.21.8-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: dpkg-1.21.8-1.1 on GA media
Description of the patch: These are all security issues fixed in the dpkg-1.21.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12110
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "dpkg-1.21.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the dpkg-1.21.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12110",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12110-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1664/"
}
],
"title": "dpkg-1.21.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12110-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.21.8-1.1.aarch64",
"product": {
"name": "dpkg-1.21.8-1.1.aarch64",
"product_id": "dpkg-1.21.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.21.8-1.1.aarch64",
"product": {
"name": "dpkg-devel-1.21.8-1.1.aarch64",
"product_id": "dpkg-devel-1.21.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "dpkg-lang-1.21.8-1.1.aarch64",
"product": {
"name": "dpkg-lang-1.21.8-1.1.aarch64",
"product_id": "dpkg-lang-1.21.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.21.8-1.1.ppc64le",
"product": {
"name": "dpkg-1.21.8-1.1.ppc64le",
"product_id": "dpkg-1.21.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.21.8-1.1.ppc64le",
"product": {
"name": "dpkg-devel-1.21.8-1.1.ppc64le",
"product_id": "dpkg-devel-1.21.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dpkg-lang-1.21.8-1.1.ppc64le",
"product": {
"name": "dpkg-lang-1.21.8-1.1.ppc64le",
"product_id": "dpkg-lang-1.21.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.21.8-1.1.s390x",
"product": {
"name": "dpkg-1.21.8-1.1.s390x",
"product_id": "dpkg-1.21.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.21.8-1.1.s390x",
"product": {
"name": "dpkg-devel-1.21.8-1.1.s390x",
"product_id": "dpkg-devel-1.21.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "dpkg-lang-1.21.8-1.1.s390x",
"product": {
"name": "dpkg-lang-1.21.8-1.1.s390x",
"product_id": "dpkg-lang-1.21.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.21.8-1.1.x86_64",
"product": {
"name": "dpkg-1.21.8-1.1.x86_64",
"product_id": "dpkg-1.21.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.21.8-1.1.x86_64",
"product": {
"name": "dpkg-devel-1.21.8-1.1.x86_64",
"product_id": "dpkg-devel-1.21.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "dpkg-lang-1.21.8-1.1.x86_64",
"product": {
"name": "dpkg-lang-1.21.8-1.1.x86_64",
"product_id": "dpkg-lang-1.21.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.21.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-1.21.8-1.1.aarch64"
},
"product_reference": "dpkg-1.21.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.21.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-1.21.8-1.1.ppc64le"
},
"product_reference": "dpkg-1.21.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.21.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-1.21.8-1.1.s390x"
},
"product_reference": "dpkg-1.21.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.21.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-1.21.8-1.1.x86_64"
},
"product_reference": "dpkg-1.21.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.21.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.aarch64"
},
"product_reference": "dpkg-devel-1.21.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.21.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.ppc64le"
},
"product_reference": "dpkg-devel-1.21.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.21.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.s390x"
},
"product_reference": "dpkg-devel-1.21.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.21.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.x86_64"
},
"product_reference": "dpkg-devel-1.21.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.21.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.aarch64"
},
"product_reference": "dpkg-lang-1.21.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.21.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.ppc64le"
},
"product_reference": "dpkg-lang-1.21.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.21.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.s390x"
},
"product_reference": "dpkg-lang-1.21.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.21.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.x86_64"
},
"product_reference": "dpkg-lang-1.21.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1664"
}
],
"notes": [
{
"category": "general",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1664",
"url": "https://www.suse.com/security/cve/CVE-2022-1664"
},
{
"category": "external",
"summary": "SUSE Bug 1199944 for CVE-2022-1664",
"url": "https://bugzilla.suse.com/1199944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-devel-1.21.8-1.1.x86_64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.aarch64",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.ppc64le",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.s390x",
"openSUSE Tumbleweed:dpkg-lang-1.21.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-1664"
}
]
}
BDU:2022-05892
Vulnerability from fstec - Published: 26.05.2022
VLAI Severity ?
Title
Уязвимость компонента Dpkg::Source::Archive менеджера пакетов Dpkg, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Description
Уязвимость компонента Dpkg::Source::Archive менеджера пакетов Dpkg связана с недостатками ограничения имени пути к каталогу. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Dpkg, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 11 (Debian GNU/Linux), от 1.14.17 до 1.18.26 (Dpkg), от 1.19.0 до 1.19.8 (Dpkg), от 1.20.0 до 1.20.10 (Dpkg), от 1.21.0 до 1.21.8 (Dpkg), 4.7 (Astra Linux Special Edition), до 2.7 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Для Dpkg:
использование рекомендаций производителя: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2022-1664
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения dpkg до версии 1.19.8osnova18
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет dpkg до 1.18.26.astra.se2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения dpkg до версии 1.18.26osnova16
Reference
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html
https://lists.debian.org/debian-security-announce/2022/msg00115.html
https://nvd.nist.gov/vuln/detail/CVE-2022-1664
https://security-tracker.debian.org/tracker/CVE-2022-1664
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-22
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), \u043e\u0442 1.14.17 \u0434\u043e 1.18.26 (Dpkg), \u043e\u0442 1.19.0 \u0434\u043e 1.19.8 (Dpkg), \u043e\u0442 1.20.0 \u0434\u043e 1.20.10 (Dpkg), \u043e\u0442 1.21.0 \u0434\u043e 1.21.8 (Dpkg), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Dpkg:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2022-1664\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f dpkg \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.19.8osnova18\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 dpkg \u0434\u043e 1.18.26.astra.se2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f dpkg \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.18.26osnova16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.05.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05892",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1664",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Dpkg, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Dpkg::Source::Archive \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Dpkg, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Dpkg::Source::Archive \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Dpkg \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495\nhttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5\nhttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b\nhttps://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be\nhttps://lists.debian.org/debian-lts-announce/2022/05/msg00033.html\nhttps://lists.debian.org/debian-security-announce/2022/msg00115.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1664\nhttps://security-tracker.debian.org/tracker/CVE-2022-1664\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
WID-SEC-W-2022-0932
Vulnerability from csaf_certbund - Published: 2022-05-26 22:00 - Updated: 2024-08-11 22:00Summary
dpkg: Schwachstelle ermöglicht Manipulation von Dateien
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: dpkg ist die Basis der Paketverwaltung verschiedener Linux Distributionen.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in dpkg ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
Es existiert eine Schwachstelle in dpkg. Bestimmte Quellpakete werden beim Entpacken aufgrund eines Eingabevalidierungsfehlers in Dpkg::Source::Archive in dpkg, unsachgemäß verarbeitet. Ein entfernter anonymer Angreifer kann ein speziell präpariertes Paket mit symbolischen Links erstellen, die auf Dateien außerhalb des Wurzelverzeichnisses des Quellbaums zeigen und beliebige Dateien auf dem System überschreiben. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
References
| URL | Category | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "dpkg ist die Basis der Paketverwaltung verschiedener Linux Distributionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in dpkg ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0932 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0932.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0932 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0932"
},
{
"category": "external",
"summary": "Debian Security Announce vom 2022-05-26",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"category": "external",
"summary": "Debian Security Announce vom 2022-05-26",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"category": "external",
"summary": "Ubuntu Security Advisory",
"url": "https://ubuntu.com/security/notices/USN-5446-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5446-2 vom 2022-05-30",
"url": "https://ubuntu.com/security/notices/USN-5446-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2689-1 vom 2022-08-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011813.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4081-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012992.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-30 vom 2024-08-12",
"url": "https://security.gentoo.org/glsa/202408-30"
}
],
"source_lang": "en-US",
"title": "dpkg: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2024-08-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:32:53.616+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0932",
"initial_release_date": "2022-05-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-08-07T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-20T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source dpkg",
"product": {
"name": "Open Source dpkg",
"product_id": "T003052",
"product_identification_helper": {
"cpe": "cpe:/a:dpkg:dpkg:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1664",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in dpkg. Bestimmte Quellpakete werden beim Entpacken aufgrund eines Eingabevalidierungsfehlers in Dpkg::Source::Archive in dpkg, unsachgem\u00e4\u00df verarbeitet. Ein entfernter anonymer Angreifer kann ein speziell pr\u00e4pariertes Paket mit symbolischen Links erstellen, die auf Dateien au\u00dferhalb des Wurzelverzeichnisses des Quellbaums zeigen und beliebige Dateien auf dem System \u00fcberschreiben. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T002207",
"T000126",
"T012167",
"T003052"
]
},
"release_date": "2022-05-26T22:00:00.000+00:00",
"title": "CVE-2022-1664"
}
]
}
SUSE-SU-2022:4081-1
Vulnerability from csaf_suse - Published: 2022-11-18 14:41 - Updated: 2022-11-18 14:41Summary
Security update for dpkg
Severity
Low
Notes
Title of the patch: Security update for dpkg
Description of the patch: This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
Patchnames: SUSE-2022-4081,SUSE-SLE-Micro-5.3-2022-4081,SUSE-SLE-Module-Basesystem-15-SP3-2022-4081,SUSE-SLE-Module-Basesystem-15-SP4-2022-4081,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4081,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4081,SUSE-SLE-Product-HPC-15-2022-4081,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4081,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4081,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4081,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4081,SUSE-SLE-Product-SLES-15-2022-4081,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4081,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4081,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4081,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4081,SUSE-SLE-Product-SLES_SAP-15-2022-4081,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4081,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4081,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4081,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4081,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4081,SUSE-SUSE-MicroOS-5.1-2022-4081,SUSE-SUSE-MicroOS-5.2-2022-4081,SUSE-Storage-6-2022-4081,SUSE-Storage-7-2022-4081,openSUSE-Leap-Micro-5.2-2022-4081,openSUSE-Leap-Micro-5.3-2022-4081,openSUSE-SLE-15.3-2022-4081,openSUSE-SLE-15.4-2022-4081
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dpkg",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dpkg fixes the following issues:\n\n- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4081,SUSE-SLE-Micro-5.3-2022-4081,SUSE-SLE-Module-Basesystem-15-SP3-2022-4081,SUSE-SLE-Module-Basesystem-15-SP4-2022-4081,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4081,SUSE-SLE-Module-Development-Tools-15-SP4-2022-4081,SUSE-SLE-Product-HPC-15-2022-4081,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4081,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4081,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4081,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4081,SUSE-SLE-Product-SLES-15-2022-4081,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4081,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4081,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4081,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4081,SUSE-SLE-Product-SLES_SAP-15-2022-4081,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4081,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4081,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4081,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4081,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4081,SUSE-SUSE-MicroOS-5.1-2022-4081,SUSE-SUSE-MicroOS-5.2-2022-4081,SUSE-Storage-6-2022-4081,SUSE-Storage-7-2022-4081,openSUSE-Leap-Micro-5.2-2022-4081,openSUSE-Leap-Micro-5.3-2022-4081,openSUSE-SLE-15.3-2022-4081,openSUSE-SLE-15.4-2022-4081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4081-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4081-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224081-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4081-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012992.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199944",
"url": "https://bugzilla.suse.com/1199944"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1664/"
}
],
"title": "Security update for dpkg",
"tracking": {
"current_release_date": "2022-11-18T14:41:19Z",
"generator": {
"date": "2022-11-18T14:41:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4081-1",
"initial_release_date": "2022-11-18T14:41:19Z",
"revision_history": [
{
"date": "2022-11-18T14:41:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"product": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"product_id": "dpkg-1.19.0.4-150000.4.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"product": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"product_id": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"product": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"product_id": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.19.0.4-150000.4.4.1.i586",
"product": {
"name": "dpkg-1.19.0.4-150000.4.4.1.i586",
"product_id": "dpkg-1.19.0.4-150000.4.4.1.i586"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.i586",
"product": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.i586",
"product_id": "dpkg-devel-1.19.0.4-150000.4.4.1.i586"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.19.0.4-150000.4.4.1.i586",
"product": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.i586",
"product_id": "update-alternatives-1.19.0.4-150000.4.4.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"product": {
"name": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"product_id": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"product": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"product_id": "dpkg-1.19.0.4-150000.4.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"product": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"product_id": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"product": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"product_id": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"product": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"product_id": "dpkg-1.19.0.4-150000.4.4.1.s390x"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"product": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"product_id": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"product": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"product_id": "update-alternatives-1.19.0.4-150000.4.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"product": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"product_id": "dpkg-1.19.0.4-150000.4.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"product": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"product_id": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"product": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"product_id": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dpkg-lang-1.19.0.4-150000.4.4.1.noarch"
},
"product_reference": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:dpkg-lang-1.19.0.4-150000.4.4.1.noarch"
},
"product_reference": "dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.s390x"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
},
"product_reference": "update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1664"
}
],
"notes": [
{
"category": "general",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1664",
"url": "https://www.suse.com/security/cve/CVE-2022-1664"
},
{
"category": "external",
"summary": "SUSE Bug 1199944 for CVE-2022-1664",
"url": "https://bugzilla.suse.com/1199944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 6:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Enterprise Storage 7:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Proxy 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"SUSE Manager Server 4.1:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.3:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:dpkg-devel-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap 15.4:dpkg-lang-1.19.0.4-150000.4.4.1.noarch",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.ppc64le",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.s390x",
"openSUSE Leap 15.4:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.2:update-alternatives-1.19.0.4-150000.4.4.1.x86_64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.aarch64",
"openSUSE Leap Micro 5.3:update-alternatives-1.19.0.4-150000.4.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-18T14:41:19Z",
"details": "moderate"
}
],
"title": "CVE-2022-1664"
}
]
}
SUSE-SU-2022:2689-1
Vulnerability from csaf_suse - Published: 2022-08-05 13:46 - Updated: 2022-08-05 13:46Summary
Security update for dpkg
Severity
Low
Notes
Title of the patch: Security update for dpkg
Description of the patch: This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
Patchnames: SUSE-2022-2689,SUSE-SLE-SERVER-12-SP5-2022-2689
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dpkg",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dpkg fixes the following issues:\n\n- CVE-2022-1664: Fixed directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-2689,SUSE-SLE-SERVER-12-SP5-2022-2689",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_2689-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:2689-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222689-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:2689-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011813.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199944",
"url": "https://bugzilla.suse.com/1199944"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1664/"
}
],
"title": "Security update for dpkg",
"tracking": {
"current_release_date": "2022-08-05T13:46:02Z",
"generator": {
"date": "2022-08-05T13:46:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:2689-1",
"initial_release_date": "2022-08-05T13:46:02Z",
"revision_history": [
{
"date": "2022-08-05T13:46:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.aarch64",
"product": {
"name": "dpkg-1.18.4-16.3.5.aarch64",
"product_id": "dpkg-1.18.4-16.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.aarch64",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.aarch64",
"product_id": "dpkg-devel-1.18.4-16.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.aarch64",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.aarch64",
"product_id": "update-alternatives-1.18.4-16.3.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.i586",
"product": {
"name": "dpkg-1.18.4-16.3.5.i586",
"product_id": "dpkg-1.18.4-16.3.5.i586"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.i586",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.i586",
"product_id": "dpkg-devel-1.18.4-16.3.5.i586"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.i586",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.i586",
"product_id": "update-alternatives-1.18.4-16.3.5.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-lang-1.18.4-16.3.5.noarch",
"product": {
"name": "dpkg-lang-1.18.4-16.3.5.noarch",
"product_id": "dpkg-lang-1.18.4-16.3.5.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.ppc64le",
"product": {
"name": "dpkg-1.18.4-16.3.5.ppc64le",
"product_id": "dpkg-1.18.4-16.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.ppc64le",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.ppc64le",
"product_id": "dpkg-devel-1.18.4-16.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.ppc64le",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.ppc64le",
"product_id": "update-alternatives-1.18.4-16.3.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.s390",
"product": {
"name": "dpkg-1.18.4-16.3.5.s390",
"product_id": "dpkg-1.18.4-16.3.5.s390"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.s390",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.s390",
"product_id": "dpkg-devel-1.18.4-16.3.5.s390"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.s390",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.s390",
"product_id": "update-alternatives-1.18.4-16.3.5.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.s390x",
"product": {
"name": "dpkg-1.18.4-16.3.5.s390x",
"product_id": "dpkg-1.18.4-16.3.5.s390x"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.s390x",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.s390x",
"product_id": "dpkg-devel-1.18.4-16.3.5.s390x"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.s390x",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.s390x",
"product_id": "update-alternatives-1.18.4-16.3.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dpkg-1.18.4-16.3.5.x86_64",
"product": {
"name": "dpkg-1.18.4-16.3.5.x86_64",
"product_id": "dpkg-1.18.4-16.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "dpkg-devel-1.18.4-16.3.5.x86_64",
"product": {
"name": "dpkg-devel-1.18.4-16.3.5.x86_64",
"product_id": "dpkg-devel-1.18.4-16.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "update-alternatives-1.18.4-16.3.5.x86_64",
"product": {
"name": "update-alternatives-1.18.4-16.3.5.x86_64",
"product_id": "update-alternatives-1.18.4-16.3.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.s390x"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.s390x"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "update-alternatives-1.18.4-16.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64"
},
"product_reference": "update-alternatives-1.18.4-16.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1664"
}
],
"notes": [
{
"category": "general",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1664",
"url": "https://www.suse.com/security/cve/CVE-2022-1664"
},
{
"category": "external",
"summary": "SUSE Bug 1199944 for CVE-2022-1664",
"url": "https://bugzilla.suse.com/1199944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:update-alternatives-1.18.4-16.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-08-05T13:46:02Z",
"details": "moderate"
}
],
"title": "CVE-2022-1664"
}
]
}
GHSA-Q7PV-FJH6-6XQ6
Vulnerability from github – Published: 2022-05-27 00:01 – Updated: 2022-06-08 00:00
VLAI?
Details
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-1664"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T14:15:00Z",
"severity": "CRITICAL"
},
"details": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"id": "GHSA-q7pv-fjh6-6xq6",
"modified": "2022-06-08T00:00:43Z",
"published": "2022-05-27T00:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1664"
},
{
"type": "WEB",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495"
},
{
"type": "WEB",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5"
},
{
"type": "WEB",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b"
},
{
"type": "WEB",
"url": "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00115.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221007-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2022-1664
Vulnerability from csaf_microsoft - Published: 2022-05-02 00:00 - Updated: 2022-06-08 00:00Summary
directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
9.8 (Critical)
Vendor Fix
1.20.10-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1664 directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-1664.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar",
"tracking": {
"current_release_date": "2022-06-08T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:32:50.749Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-1664",
"initial_release_date": "2022-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2022-06-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 dpkg 1.20.10-1",
"product": {
"name": "\u003ccbl2 dpkg 1.20.10-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 dpkg 1.20.10-1",
"product": {
"name": "cbl2 dpkg 1.20.10-1",
"product_id": "19489"
}
}
],
"category": "product_name",
"name": "dpkg"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 dpkg 1.20.10-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 dpkg 1.20.10-1 as a component of CBL Mariner 2.0",
"product_id": "19489-17086"
},
"product_reference": "19489",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1664",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "general",
"text": "debian",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19489-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-1664 directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-1664.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-08T00:00:00.000Z",
"details": "1.20.10-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…