CVE-2022-4064

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4064

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4064.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4064

Aliases

GHSA-3xg8-cc8f-9wv2

Related

UBUNTU-CVE-2022-4064

Published

2022-11-19T19:15:09Z

Modified

2025-07-02T00:22:04.838507Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.3 is able to address this issue. The patch is identified as 48d594dae55934476fec61789e7a7c3700e0f50d. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/petergoldstein/dalli

Affected ranges

Type: GIT
Repo: https://github.com/petergoldstein/dalli
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

23b246573fb77621441e386cf86be02ca0781898

Fixed

48d594dae55934476fec61789e7a7c3700e0f50d

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.1.1

v1.1.4

v1.1.5

v2.*

v2.0.0

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.3.0

v2.5.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.2.0

v3.2.1

v3.2.2