UBUNTU-CVE-2022-22976
- Source
- https://ubuntu.com/security/CVE-2022-22976
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-22976.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-22976
- Upstream
- Published
- 2022-05-19T15:15:00Z
- Modified
- 2025-10-10T15:04:50Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
- References
Affected packages
Ubuntu:22.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.30-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.30-1",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:24.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.30-2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.30-2",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:25.04
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.30-2ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.30-2ubuntu1",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:25.10
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.30-3ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.30-3ubuntu1",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:Pro:14.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@3.0.6.RELEASE-13ubuntu0.1~esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.0.6.RELEASE-7
3.0.6.RELEASE-8
3.0.6.RELEASE-9
3.0.6.RELEASE-10
3.0.6.RELEASE-11
3.0.6.RELEASE-12
3.0.6.RELEASE-13
3.0.6.RELEASE-13ubuntu0.1~esm1
3.0.6.RELEASE-13ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-context-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-core-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-test-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-web-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-web-servlet-java"
},
{
"binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2",
"binary_name": "libspring-web-struts-java"
}
]
}Ubuntu:Pro:16.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@3.2.13-5ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "3.2.13-5ubuntu0.1~esm1",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:Pro:18.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.22-1~18.04.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.22-1~18.04.1~esm1",
"binary_name": "libspring-web-servlet-java"
}
]
}Ubuntu:Pro:20.04:LTS
libspring-java
Package
- Name
- libspring-java
- Purl
- pkg:deb/ubuntu/libspring-java@4.3.22-4ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-aop-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-beans-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-context-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-context-support-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-core-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-expression-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-instrument-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-jdbc-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-jms-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-messaging-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-orm-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-oxm-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-test-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-transaction-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-web-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-web-portlet-java"
},
{
"binary_version": "4.3.22-4ubuntu0.1~esm1",
"binary_name": "libspring-web-servlet-java"
}
]
}