{"api_version":"1","generated_at":"2026-04-22T21:39:24+00:00","cve":"CVE-2022-0563","urls":{"html":"https://cve.report/CVE-2022-0563","api":"https://cve.report/api/cve/CVE-2022-0563.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0563","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0563"},"summary":{"title":"CVE-2022-0563","description":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-02-21 19:15:00","updated_at":"2024-01-07 09:15:00"},"problem_types":["CWE-209"],"metrics":[],"references":[{"url":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u","name":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u","refsource":"","tags":[],"title":"[ANNOUNCE] util-linux v2.37.4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20220331-0002/","name":"https://security.netapp.com/advisory/ntap-20220331-0002/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-0563 Util-linux Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-08","name":"GLSA-202401-08","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u","name":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u","refsource":"MISC","tags":[],"title":"[ANNOUNCE] util-linux v2.37.4","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0563","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0563","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"563","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kernel","cpe5":"util-linux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"563","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"ontap_select_deploy_administration_utility","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-0563","qid":"282389","title":"Fedora Security Update for util (FEDORA-2022-b7de97d0a9)"},{"cve":"CVE-2022-0563","qid":"354120","title":"Amazon Linux Security Advisory for util-linux : ALAS2-2022-1901"},{"cve":"CVE-2022-0563","qid":"354387","title":"Amazon Linux Security Advisory for util-linux : ALAS2022-2022-099"},{"cve":"CVE-2022-0563","qid":"354474","title":"Amazon Linux Security Advisory for util-linux : ALAS2022-2022-218"},{"cve":"CVE-2022-0563","qid":"354581","title":"Amazon Linux Security Advisory for util-linux : ALAS-2022-218"},{"cve":"CVE-2022-0563","qid":"355340","title":"Amazon Linux Security Advisory for util-linux : ALAS2023-2023-024"},{"cve":"CVE-2022-0563","qid":"500714","title":"Alpine Linux Security Update for util-linux"},{"cve":"CVE-2022-0563","qid":"504488","title":"Alpine Linux Security Update for util-linux"},{"cve":"CVE-2022-0563","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2022-0563","qid":"6140396","title":"AWS Bottlerocket Security Update for util-linux (GHSA-mv4q-wq4c-5xmg)"},{"cve":"CVE-2022-0563","qid":"671582","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1590)"},{"cve":"CVE-2022-0563","qid":"671740","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1815)"},{"cve":"CVE-2022-0563","qid":"671742","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1798)"},{"cve":"CVE-2022-0563","qid":"671809","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1855)"},{"cve":"CVE-2022-0563","qid":"671823","title":"EulerOS Security Update for util-linux (EulerOS-SA-2022-1879)"},{"cve":"CVE-2022-0563","qid":"710828","title":"Gentoo Linux util-linux Multiple Vulnerabilities (GLSA 202401-08)"},{"cve":"CVE-2022-0563","qid":"900727","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8838)"},{"cve":"CVE-2022-0563","qid":"901326","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8838-1)"},{"cve":"CVE-2022-0563","qid":"901867","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8841)"},{"cve":"CVE-2022-0563","qid":"902247","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for util-linux (8841-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-0563","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"util-linux","version":{"version_data":[{"version_value":"util-linux 2.37.4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-209"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u","url":"https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220331-0002/","url":"https://security.netapp.com/advisory/ntap-20220331-0002/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."}]}},"nvd":{"publishedDate":"2022-02-21 19:15:00","lastModifiedDate":"2024-01-07 09:15:00","problem_types":["CWE-209"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":1.9},"severity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*","versionEndExcluding":"2.37.4","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"563","Ordinal":"228132","Title":"CVE-2022-0563","CVE":"CVE-2022-0563","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"563","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}