Sign In

CVE-2022-0563

SOURCE - nist

Summary

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

EPSS Score: 0.00047 (0.166)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-209

Generation of Error Message Containing Sensitive Information

SOURCE - redhat

CWE-209

Generation of Error Message Containing Sensitive Information

Sources (10)

Impacted images

debian

CREATED

UPDATED

SOURCE IDCVE-2022-0563
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow
PackageTypeOS NameOS VersionAffected RangesFix Versions
debian/util-linuxdebdebian12>=2.38.1-5Not yet available
debian/util-linuxdebdebianunstable>=2.40.1-1Not yet available
debian/util-linuxdebdebian10>=2.33.1-0.1Not yet available
debian/util-linuxdebdebian13>=2.40.1-1Not yet available
debian/util-linuxdebdebian11>=2.36.1-8+deb11u1Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

UPDATED

SOURCE IDCVE-2022-0563
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-209

CVSS SCORE

5.5medium

alpine

CREATED

UPDATED

SOURCE IDCVE-2022-0563
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2022-0563
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

amazon

CREATED

UPDATED

SOURCE IDALAS-2022-1901
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

amazon

CREATED

UPDATED

SOURCE IDALAS2023-2023-024
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

amazon

CREATED

UPDATED

SOURCE IDALAS2022-2022-099
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

amazon

CREATED

UPDATED

SOURCE IDALAS2022-2022-218
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

amazon

CREATED

UPDATED

SOURCE IDALAS2-2022-1901
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

redhat

CREATED

UPDATED

SOURCE IDCVE-2022-0563
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-209

CVSS SCORE

5.5medium