CVE-2022-4254

CVE	CVE-2022-4254
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-01 17:15:00 UTC
Updated	2023-05-29 17:15:00 UTC
Description	sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

Problem Types: CWE-90

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fedoraproject	Sssd	All	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Big Endian	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian	7.0	All	All	All
Operating System	Redhat	Enterprise Linux For Scientific Computing	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.1	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All

Reference	Source	Link	Tags
[SECURITY] [DLA 3436-1] sssd security update	MLIST	lists.debian.org
2149894 – (CVE-2022-4254) CVE-2022-4254 sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters	MISC	bugzilla.redhat.com
certmap: sanitize LDAP search filter · SSSD/sssd@a2b9a84 · GitHub	MISC	github.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
Certificate attributes are not sanitized prior to ldap search · Issue #5135 · SSSD/sssd · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

160433 Oracle Enterprise Linux Security Update for sssd (ELSA-2023-0403)
181572 Debian Security Update for sssd (CVE-2022-4254)
181811 Debian Security Update for sssd (DLA 3436-1)
181816 Debian Security Update for sssd (DLA 3436-2)
199409 Ubuntu Security Notification for SSSD Vulnerability (USN-6156-1)
241123 Red Hat Update for sssd (RHSA-2023:0403)
241600 Red Hat Update for sssd (RHSA-2023:0397)
241625 Red Hat Update for sssd (RHSA-2023:0442)
257212 CentOS Security Update for sssd (CESA-2023:0403)
354824 Amazon Linux Security Advisory for sssd : ALAS2-2023-1995
354866 Amazon Linux Security Advisory for sssd : ALAS-2023-1723
377950 Alibaba Cloud Linux Security Update for sssd (ALINUX2-SA-2023:0005)
672864 EulerOS Security Update for sssd (EulerOS-SA-2023-1610)
672967 EulerOS Security Update for sssd (EulerOS-SA-2023-1854)
672983 EulerOS Security Update for sssd (EulerOS-SA-2023-1879)
673031 EulerOS Security Update for sssd (EulerOS-SA-2023-1963)
673046 EulerOS Security Update for sssd (EulerOS-SA-2023-1985)
673066 EulerOS Security Update for sssd (EulerOS-SA-2023-2172)
753593 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2023:0204-1)
753596 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2023:0200-1)
753632 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2023:0301-1)
753635 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2023:0300-1)
753639 SUSE Enterprise Linux Security Update for sssd (SUSE-SU-2023:0292-1)