First published: Fri Nov 18 2022(Updated: )
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linaro LAVA | <2022.11 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
debian/lava | <=2019.01-5 | 2019.01-5+deb10u2 2020.12-5+deb11u2 2023.01-2 |
<2022.11 | ||
=10.0 | ||
=11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-44641 is a vulnerability in Linaro Automated Validation Architecture (LAVA) that allows users with valid credentials to submit crafted XMLRPC requests, causing a Denial of Service.
CVE-2022-44641 affects Linaro LAVA versions before 2022.11, where users with valid credentials can exploit it.
The severity level of CVE-2022-44641 is high, with a CVSS score of 6.5.
Linaro LAVA versions before 2022.11 are affected by CVE-2022-44641.
To mitigate CVE-2022-44641, users are advised to upgrade to Linaro LAVA version 2022.11 or later.