CVE-2022-2663 - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confuse

CVE-2022-2663

Summary

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-923

CAPEC

Activity Hijack
An adversary intercepts an implicit intent sent to launch a trusted activity and instead launches a counterfeit activity in its place. The malicious activity is then used to mimic the trusted activity's user interface and prompt the target to enter sensitive data as if they were interacting with the trusted activity.

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

12-02-2023 - 22:15

Published

01-09-2022 - 21:15

Last modified

12-02-2023 - 22:15