UBUNTU-CVE-2022-25858
- Source
- https://ubuntu.com/security/CVE-2022-25858
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-25858.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-25858
- Upstream
- Published
- 2022-07-15T20:15:00Z
- Modified
- 2025-09-08T16:50:06Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
- References
-
- https://ubuntu.com/security/CVE-2022-25858
- https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
- https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
- https://github.com/terser/terser/blob/master/lib/compress/evaluate.js%23L135
- https://www.cve.org/CVERecord?id=CVE-2022-25858
Affected packages
Ubuntu:Pro:20.04:LTS / node-terser
Package
- Name
- node-terser
- Purl
- pkg:deb/ubuntu/node-terser@4.1.2-6?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / node-terser
Package
- Name
- node-terser
- Purl
- pkg:deb/ubuntu/node-terser@4.1.2-10?arch=source&distro=jammy
Ubuntu:22.04:LTS / qt6-webengine
Package
- Name
- qt6-webengine
- Purl
- pkg:deb/ubuntu/qt6-webengine@6.2.4+dfsg-6ubuntu1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.2.2+dfsg-6ubuntu2
6.2.4+dfsg-1ubuntu1
6.2.4+dfsg-1ubuntu2
6.2.4+dfsg-6ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6pdf6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6pdfquick6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6pdfwidgets6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webengine6-data"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webenginecore6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webenginecore6-bin"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webenginequick6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webenginequickdelegatesqml6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "libqt6webenginewidgets6"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qml6-module-qtquick-pdf"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qml6-module-qtwebengine"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qml6-module-qtwebengine-controlsdelegates"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qt6-image-formats-plugin-pdf"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qt6-pdf-dev"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qt6-webengine-dev"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qt6-webengine-dev-tools"
},
{
"binary_version": "6.2.4+dfsg-6ubuntu1",
"binary_name": "qt6-webengine-private-dev"
}
]
}
Ubuntu:24.04:LTS / node-terser
Package
- Name
- node-terser
- Purl
- pkg:deb/ubuntu/node-terser@5.19.2-1?arch=source&distro=noble
Ubuntu:24.04:LTS / qt6-webengine
Package
- Name
- qt6-webengine
- Purl
- pkg:deb/ubuntu/qt6-webengine@6.4.2-final+dfsg-12ubuntu9?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.4.2-final+dfsg-11
6.4.2-final+dfsg-12
6.4.2-final+dfsg-12build1
6.4.2-final+dfsg-12ubuntu1
6.4.2-final+dfsg-12ubuntu7
6.4.2-final+dfsg-12ubuntu9
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6pdf6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6pdfquick6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6pdfwidgets6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webengine6-data"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webenginecore6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webenginecore6-bin"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webenginequick6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webenginequickdelegatesqml6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "libqt6webenginewidgets6"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qml6-module-qtquick-pdf"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qml6-module-qtwebengine"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qml6-module-qtwebengine-controlsdelegates"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-image-formats-plugin-pdf"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-pdf-dev"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-dev"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-dev-tools"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-doc-dev"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-doc-html"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-examples"
},
{
"binary_version": "6.4.2-final+dfsg-12ubuntu9",
"binary_name": "qt6-webengine-private-dev"
}
]
}
Ubuntu:25.04 / node-terser
Package
- Name
- node-terser
- Purl
- pkg:deb/ubuntu/node-terser@5.38.0-1?arch=source&distro=plucky
Ubuntu:25.04 / qt6-webengine
Package
- Name
- qt6-webengine
- Purl
- pkg:deb/ubuntu/qt6-webengine@6.8.3+dfsg-0ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.6.2+dfsg-5ubuntu2
6.7.2+dfsg-5
6.7.2+dfsg-8
6.8.1+dfsg-0ubuntu1
6.8.2+dfsg-0ubuntu2
6.8.2+dfsg-3fakesync1
6.8.3+dfsg-0ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6pdf6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6pdfquick6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6pdfwidgets6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6webengine6-data"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6webenginecore6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6webenginecore6-bin"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6webenginequick6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "libqt6webenginewidgets6"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qml6-module-qtquick-pdf"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qml6-module-qtwebengine"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qml6-module-qtwebengine-controlsdelegates"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-image-formats-plugin-pdf"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-pdf-dev"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-dev"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-dev-tools"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-doc-dev"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-doc-html"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-examples"
},
{
"binary_version": "6.8.3+dfsg-0ubuntu1",
"binary_name": "qt6-webengine-private-dev"
}
]
}