CVE-2022-41716

ADVISORY - nist

Summary

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".

EPSS Score⁠: 0.00012 (0.011)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-other⁠

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2022-41716⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-other⁠

CVSS SCORE

7.5high

Alpine

CREATED

3 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2022-41716⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2022-41716⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

3 years ago

UPDATED

26 days ago

ADVISORY IDCVE-2022-41716⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5low

GoLang

CREATED

3 years ago

UPDATED

1 year ago

ADVISORY IDGO-2022-1095⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Amazon

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDALAS2022-2022-239⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDALAS2022-2022-240⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2023-2023-046⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDALAS2023-2023-048⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

BIT-2022-41716

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

1 year ago

UPDATED

1 month ago

ADVISORY ID

BIT-golang-2022-41716

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-24267⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDELSA-2023-18908⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-62f4-2wff-q4x6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY