{"vulnerability": "CVE-2022-4883", "sightings": [{"uuid": "c9186444-b432-48ff-954c-de454edf8c07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48831", "type": "seen", "source": "https://t.me/cvedetector/932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48831 - Linux Kernel IMA Asymmetric Verification Reference Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48831 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nima: fix reference leak in asymmetric_verify()  \n  \nDon't leak a reference to the key if its algorithm is unknown. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:13.000000Z"}, {"uuid": "909b1aea-5bed-4bc5-b587-3bc0f2b717f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4883", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8284", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4883\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.\n\ud83d\udccf Published: 2023-02-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-20T19:45:33.470Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=2160213\n2. https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9\n3. https://lists.x.org/archives/xorg-announce/2023-January/003312.html\n4. https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669\n5. https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html", "creation_timestamp": "2025-03-20T20:19:44.000000Z"}, {"uuid": "9e5b4ac0-61ea-46db-afba-c64f0b268a06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2022-48833", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "e80c3f2e-ce2d-42eb-ab3b-4a80589620ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4883", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7970", "content": "#Threat_Research\n1. NAPLISTENER/Wmdtc.exe Analysis\nhttps://www.elastic.co/security-labs/naplistener-more-bad-dreams-from-the-developers-of-siestagraph\n2. Analyzing Linux PATH hijacking vulnerability in the libxpm package (CVE-2022-4883)\nhttps://www.archcloudlabs.com/projects/cve-2022-4883", "creation_timestamp": "2023-03-21T11:26:35.000000Z"}, {"uuid": "88a252f8-feaf-4295-b8ea-5ed0d73ee76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48832", "type": "seen", "source": "https://t.me/cvedetector/941", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48832 - Linux Kernel Audit Openat2 Uninitialized Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48832 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \naudit: don't deref the syscall args when checking the openat2 open_how::flags  \n  \nAs reported by Jeff, dereferencing the openat2 syscall argument in  \naudit_match_perm() to obtain the open_how::flags can result in an  \noops/page-fault.  This patch fixes this by using the open_how struct  \nthat we store in the audit_context with audit_openat2_how().  \n  \nIndependent of this patch, Richard Guy Briggs posted a similar patch  \nto the audit mailing list roughly 40 minutes after this patch was  \nposted. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:27.000000Z"}, {"uuid": "079bf4b3-c1a5-4c07-b24c-795a13a2ba91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48830", "type": "seen", "source": "https://t.me/cvedetector/934", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-48830 - Linux CAN isotp Race Condition Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-48830 \nPublished : July 16, 2024, 12:15 p.m. | 43\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ncan: isotp: fix potential CAN frame reception race in isotp_rcv()  \n  \nWhen receiving a CAN frame the current code logic does not consider  \nconcurrently receiving processes which do not show up in real world  \nusage.  \n  \nZiyang Xuan writes:  \n  \nThe following syz problem is one of the scenarios. so->rx.len is  \nchanged by isotp_rcv_ff() during isotp_rcv_cf(), so->rx.len equals  \n0 before alloc_skb() and equals 4096 after alloc_skb(). That will  \ntrigger skb_over_panic() in skb_put().  \n  \n=======================================================  \nCPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.16.0-rc8-syzkaller #0  \nRIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:113  \nCall Trace:  \n   \n skb_over_panic net/core/skbuff.c:118 [inline]  \n skb_put.cold+0x24/0x24 net/core/skbuff.c:1990  \n isotp_rcv_cf net/can/isotp.c:570 [inline]  \n isotp_rcv+0xa38/0x1e30 net/can/isotp.c:668  \n deliver net/can/af_can.c:574 [inline]  \n can_rcv_filter+0x445/0x8d0 net/can/af_can.c:635  \n can_receive+0x31d/0x580 net/can/af_can.c:665  \n can_rcv+0x120/0x1c0 net/can/af_can.c:696  \n __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5465  \n __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5579  \n  \nTherefore we make sure the state changes and data structures stay  \nconsistent at CAN frame reception time by adding a spin_lock in  \nisotp_rcv(). This fixes the issue reported by syzkaller but does not  \naffect real world operation. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-16T15:26:15.000000Z"}, {"uuid": "9a689a6d-b2bc-4ba3-ad5e-0497b2f147d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4883", "type": "seen", "source": "https://t.me/cibsecurity/57691", "content": "\u203c CVE-2022-4883 \u203c\n\nA flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-07T22:23:14.000000Z"}]}