CVE-2022-2738
CVE-2022-2738 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. EPSS estimates a 0.71% chance of exploitation in the next 30 days.
Description
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Linux Server | 7.0 |
| Red Hat | Enterprise Linux Workstation | 7.0 |
| Podman Project | Podman | 1.6.4-32.el7_9 |
References
- https://access.redhat.com/security/cve/CVE-2022-2738 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2116923 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
