CVE-2022-0563

ADVISORY - debian

Summary

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

util-linux (unimportant) https://bugzilla.redhat.com/show_bug.cgi?id=2053151 https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17 util-linux in Debian does build with readline support but chfn and chsh are provided by src:shadow and util-linux is configured with --disable-chfn-chsh

EPSS Score⁠: 0.00025 (0.053)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-209⁠

Generation of Error Message Containing Sensitive Information

ADVISORY - redhat

CWE-209⁠

Generation of Error Message Containing Sensitive Information

Impacted images

Advisories

Debian

CREATED

3 years ago

UPDATED

7 days ago

ADVISORY IDCVE-2022-0563⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/util-linux	deb	debian	12	>=2.38.1-5+deb12u3	Not yet available
debian/util-linux	deb	debian	unstable	>=2.41-5	Not yet available
debian/util-linux	deb	debian	13	>=2.41-4	Not yet available
debian/util-linux	deb	debian	11	>=2.36.1-8+deb11u2	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

3 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2022-0563⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-209⁠

CVSS SCORE

5.5medium

Alpine

CREATED

3 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2022-0563⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

3 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2022-0563⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2-2022-1901⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

11 months ago

UPDATED

2 months ago

ADVISORY IDALAS2022-2022-099⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

11 months ago

UPDATED

2 months ago

ADVISORY IDALAS2022-2022-218⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2023-2023-024⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

3 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2022-0563⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-209⁠

CVSS SCORE

5.5medium

Photon

CREATED

6 months ago

UPDATED

2 months ago

ADVISORY ID

CVE-2022-0563

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium