CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

Link	Resource
https://access.redhat.com/security/cve/CVE-2022-4254	Third Party Advisory
https://github.com/SSSD/sssd/issues/5135	Exploit Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2149894	Exploit Issue Tracking
https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274	Patch Third Party Advisory

Configuration 1

cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

---

Published : 2023-02-01 05:15

Updated : 2023-02-09 01:41

---

NVD link : CVE-2022-4254

Mitre link : CVE-2022-4254

Enterprise Linux Workstation

Redhat

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')