What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-2738.

What software is affected by this vulnerability?

The podman package with version 1.6.4-36.el7_9 on Red Hat Enterprise Linux 7 Extras is affected by this vulnerability.

What is the severity of CVE-2022-2738?

The severity of CVE-2022-2738 is high.

What is the fix for this vulnerability?

Upgrade the podman package to version 1.6.4-36.el7_9 or higher.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Red Hat Security Advisory RHSA-2022:2190.

Vulnerability/
CVE-2022-2738

high

7.5

CWE

416

9/8/2022

19/8/2022

12/2/2023

CVE-2022-2738: Use After Free

First published: Tue Aug 09 2022(Updated: )

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/podman	<0:1.6.4-36.el7_9	0:1.6.4-36.el7_9
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Workstation	=7.0
Podman Project Podman	=1.6.4-32.el7_9

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2022:6119

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-2738.
What software is affected by this vulnerability?
The podman package with version 1.6.4-36.el7_9 on Red Hat Enterprise Linux 7 Extras is affected by this vulnerability.
What is the severity of CVE-2022-2738?
The severity of CVE-2022-2738 is high.
What is the fix for this vulnerability?
Upgrade the podman package to version 1.6.4-36.el7_9 or higher.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Red Hat Security Advisory RHSA-2022:2190.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-2738
collector/redhat-cve
vendor/redhat
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/podman project
canonical/podman project podman
version/podman project podman/1.6.4-32.el7_9
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.