CWE-755
DiscouragedImproper Handling of Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not handle or incorrectly handles an exceptional condition.
686 vulnerabilities reference this CWE, most recent first.
GHSA-CG69-5R4F-47Q5
Vulnerability from github – Published: 2022-05-24 19:18 – Updated: 2022-05-24 19:18A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.
{
"affected": [],
"aliases": [
"CVE-2021-34781"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-27T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.",
"id": "GHSA-cg69-5r4f-47q5",
"modified": "2022-05-24T19:18:54Z",
"published": "2022-05-24T19:18:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34781"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-rUDseW3r"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CH4C-278Q-5654
Vulnerability from github – Published: 2022-09-14 00:00 – Updated: 2024-10-25 21:32rdiffweb version 2.4.1 is set to a default and leaks error information. Version 2.4.2 fixes this issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rdiffweb"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.1"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.4.1"
]
}
],
"aliases": [
"CVE-2022-3175"
],
"database_specific": {
"cwe_ids": [
"CWE-755",
"CWE-756"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-15T03:23:16Z",
"nvd_published_at": "2022-09-13T10:15:00Z",
"severity": "MODERATE"
},
"details": "rdiffweb version 2.4.1 is set to a default and leaks error information. Version 2.4.2 fixes this issue.",
"id": "GHSA-ch4c-278q-5654",
"modified": "2024-10-25T21:32:58Z",
"published": "2022-09-14T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3175"
},
{
"type": "WEB",
"url": "https://github.com/ikus060/rdiffweb/commit/233befc33bdc45d4838c773d5aed4408720504c5"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-ch4c-278q-5654"
},
{
"type": "PACKAGE",
"url": "https://github.com/ikus060/rdiffweb"
},
{
"type": "WEB",
"url": "https://github.com/ikus060/rdiffweb/blob/4d1232cd0586eb79d1a921969f8f7a198a00d92b/README.md?plain=1#L149"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-273.yaml"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/c40badc3-c9e7-4b69-9e2e-2b9f05865159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "rdiffweb Missing Custom Error Page"
}
GHSA-CJ4F-M7FJ-58GV
Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30In the Linux kernel, the following vulnerability has been resolved:
parisc: Clear stale IIR value on instruction access rights trap
When a trap 7 (Instruction access rights) occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this case it seems the CPU didn't even fetched the instruction from memory and thus did not store it in the cr19 (IIR) register before calling the trap handler. So, the trap handler will find some random old stale value in cr19.
This patch simply overwrites the stale IIR value with a constant magic "bad food" value (0xbaadf00d), in the hope people don't start to try to understand the various random IIR values in trap 7 dumps.
{
"affected": [],
"aliases": [
"CVE-2021-46928"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-27T10:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Clear stale IIR value on instruction access rights trap\n\nWhen a trap 7 (Instruction access rights) occurs, this means the CPU\ncouldn\u0027t execute an instruction due to missing execute permissions on\nthe memory region. In this case it seems the CPU didn\u0027t even fetched\nthe instruction from memory and thus did not store it in the cr19 (IIR)\nregister before calling the trap handler. So, the trap handler will find\nsome random old stale value in cr19.\n\nThis patch simply overwrites the stale IIR value with a constant magic\n\"bad food\" value (0xbaadf00d), in the hope people don\u0027t start to try to\nunderstand the various random IIR values in trap 7 dumps.",
"id": "GHSA-cj4f-m7fj-58gv",
"modified": "2024-04-10T18:30:46Z",
"published": "2024-02-27T12:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46928"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/484730e5862f6b872dca13840bed40fd7c60fa26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d01e9ce1af6116f812491d3d3873d204f10ae0b8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e96373f0a5f484bc1e193f9951dcb3adf24bf3f7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMHW-5XGQ-4JX5
Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2022-10-27 19:00A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The /action/import_sdk_file/ API is affected by command injection vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-35268"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-20",
"CWE-755",
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-25T17:15:00Z",
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_sdk_file/` API is affected by command injection vulnerability.",
"id": "GHSA-cmhw-5xgq-4jx5",
"modified": "2022-10-27T19:00:38Z",
"published": "2022-10-25T19:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35268"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CP97-6MF7-2CVP
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-22292"
],
"database_specific": {
"cwe_ids": [
"CWE-248",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:16Z",
"severity": "HIGH"
},
"details": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-cp97-6mf7-2cvp",
"modified": "2023-11-14T21:31:01Z",
"published": "2023-11-14T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22292"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CPH4-FPFM-5H8W
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-07-26 00:01A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
{
"affected": [],
"aliases": [
"CVE-2020-14304"
],
"database_specific": {
"cwe_ids": [
"CWE-460",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-15T20:15:00Z",
"severity": "MODERATE"
},
"details": "A memory disclosure flaw was found in the Linux kernel\u0027s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.",
"id": "GHSA-cph4-fpfm-5h8w",
"modified": "2022-07-26T00:01:10Z",
"published": "2022-05-24T17:28:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14304"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CX3X-JR7V-GVM8
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.
{
"affected": [],
"aliases": [
"CVE-2017-6628"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-03T21:59:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.",
"id": "GHSA-cx3x-jr7v-gvm8",
"modified": "2022-05-13T01:46:41Z",
"published": "2022-05-13T01:46:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6628"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98294"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CXRR-PHF8-4PFV
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:37An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.
{
"affected": [],
"aliases": [
"CVE-2019-18668"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-02T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does not exist, it will be selected, but a price amount will fall back to the default currency. This means that if an attacker provides a currency that does not exist and is worth less than this default, the attacker can eventually purchase an item for a significantly cheaper price.",
"id": "GHSA-cxrr-phf8-4pfv",
"modified": "2024-04-04T02:37:50Z",
"published": "2022-05-24T17:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18668"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/currency-switcher-woocommerce/#developers"
},
{
"type": "WEB",
"url": "https://wpvulndb.com/vulnerabilities/9936"
},
{
"type": "WEB",
"url": "https://www.infigo.hr/en/critical-vulnerability-in-currency-switcher-for-woocommerce-n61"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CXW3-2F59-5P7F
Vulnerability from github – Published: 2024-10-21 18:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
static_call: Handle module init failure correctly in static_call_del_module()
Module insertion invokes static_call_add_module() to initialize the static calls in a module. static_call_add_module() invokes __static_call_init(), which allocates a struct static_call_mod to either encapsulate the built-in static call sites of the associated key into it so further modules can be added or to append the module to the module chain.
If that allocation fails the function returns with an error code and the module core invokes static_call_del_module() to clean up eventually added static_call_mod entries.
This works correctly, when all keys used by the module were converted over to a module chain before the failure. If not then static_call_del_module() causes a #GP as it blindly assumes that key::mods points to a valid struct static_call_mod.
The problem is that key::mods is not a individual struct member of struct static_call_key, it's part of a union to save space:
union {
/* bit 0: 0 = mods, 1 = sites */
unsigned long type;
struct static_call_mod *mods;
struct static_call_site *sites;
};
key::sites is a pointer to the list of built-in usage sites of the static call. The type of the pointer is differentiated by bit 0. A mods pointer has the bit clear, the sites pointer has the bit set.
As static_call_del_module() blidly assumes that the pointer is a valid static_call_mod type, it fails to check for this failure case and dereferences the pointer to the list of built-in call sites, which is obviously bogus.
Cure it by checking whether the key has a sites or a mods pointer.
If it's a sites pointer then the key is not to be touched. As the sites are walked in the same order as in __static_call_init() the site walk can be terminated because all subsequent sites have not been touched by the init code due to the error exit.
If it was converted before the allocation fail, then the inner loop which searches for a module match will find nothing.
A fail in the second allocation in __static_call_init() is harmless and does not require special treatment. The first allocation succeeded and converted the key to a module chain. That first entry has mod::mod == NULL and mod::next == NULL, so the inner loop of static_call_del_module() will neither find a module match nor a module chain. The next site in the walk was either already converted, but can't match the module, or it will exit the outer loop because it has a static_call_site pointer and not a static_call_mod pointer.
{
"affected": [],
"aliases": [
"CVE-2024-50002"
],
"database_specific": {
"cwe_ids": [
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstatic_call: Handle module init failure correctly in static_call_del_module()\n\nModule insertion invokes static_call_add_module() to initialize the static\ncalls in a module. static_call_add_module() invokes __static_call_init(),\nwhich allocates a struct static_call_mod to either encapsulate the built-in\nstatic call sites of the associated key into it so further modules can be\nadded or to append the module to the module chain.\n\nIf that allocation fails the function returns with an error code and the\nmodule core invokes static_call_del_module() to clean up eventually added\nstatic_call_mod entries.\n\nThis works correctly, when all keys used by the module were converted over\nto a module chain before the failure. If not then static_call_del_module()\ncauses a #GP as it blindly assumes that key::mods points to a valid struct\nstatic_call_mod.\n\nThe problem is that key::mods is not a individual struct member of struct\nstatic_call_key, it\u0027s part of a union to save space:\n\n union {\n /* bit 0: 0 = mods, 1 = sites */\n unsigned long type;\n struct static_call_mod *mods;\n struct static_call_site *sites;\n\t};\n\nkey::sites is a pointer to the list of built-in usage sites of the static\ncall. The type of the pointer is differentiated by bit 0. A mods pointer\nhas the bit clear, the sites pointer has the bit set.\n\nAs static_call_del_module() blidly assumes that the pointer is a valid\nstatic_call_mod type, it fails to check for this failure case and\ndereferences the pointer to the list of built-in call sites, which is\nobviously bogus.\n\nCure it by checking whether the key has a sites or a mods pointer.\n\nIf it\u0027s a sites pointer then the key is not to be touched. As the sites are\nwalked in the same order as in __static_call_init() the site walk can be\nterminated because all subsequent sites have not been touched by the init\ncode due to the error exit.\n\nIf it was converted before the allocation fail, then the inner loop which\nsearches for a module match will find nothing.\n\nA fail in the second allocation in __static_call_init() is harmless and\ndoes not require special treatment. The first allocation succeeded and\nconverted the key to a module chain. That first entry has mod::mod == NULL\nand mod::next == NULL, so the inner loop of static_call_del_module() will\nneither find a module match nor a module chain. The next site in the walk\nwas either already converted, but can\u0027t match the module, or it will exit\nthe outer loop because it has a static_call_site pointer and not a\nstatic_call_mod pointer.",
"id": "GHSA-cxw3-2f59-5p7f",
"modified": "2025-11-04T00:31:44Z",
"published": "2024-10-21T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50002"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2b494471797bff3d257e99dc0a7abb0c5ff3b4cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4b30051c4864234ec57290c3d142db7c88f10d8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c48c2b53191bf991361998f5bb97b8f2fc5a89c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b566c7d8a2de403ccc9d8a06195e19bbb386d0e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0abbbe8c98c077292221ec7e2baa667c9f0974c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed4c8ce0f307f2ab8778aeb40a8866d171e8f128"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F266-7P9X-6359
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-07-13 00:01In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
{
"affected": [],
"aliases": [
"CVE-2021-28876"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-11T20:15:00Z",
"severity": "HIGH"
},
"details": "In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.",
"id": "GHSA-f266-7p9x-6359",
"modified": "2022-07-13T00:01:15Z",
"published": "2022-05-24T17:47:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28876"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/rust/issues/81740"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang/rust/pull/81741"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUO3URYCO73D2Q4WYJBWAMJWGGVXQO4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZG65GUW6Z2CYOQHF7T3TB5CZKIX6ZJE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.