UBUNTU-CVE-2022-25858

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-25858

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-25858.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-25858

Related

CVE-2022-25858

Published

2022-07-15T20:15:00Z

Modified

2025-06-03T17:39:18Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

References

Affected packages

Ubuntu:Pro:20.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@4.1.2-6?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.2-4ubuntu1

4.1.2-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@4.1.2-10?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.2-8

4.1.2-9

4.1.2-10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.2.4+dfsg-6ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.2+dfsg-6ubuntu2

6.2.4+dfsg-1ubuntu1

6.2.4+dfsg-1ubuntu2

6.2.4+dfsg-6ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@5.31.3-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.19.2-1

5.31.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.6.2+dfsg-5ubuntu2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2-final+dfsg-12ubuntu9

6.6.2+dfsg-3

6.6.2+dfsg-4

6.6.2+dfsg-5ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@5.19.2-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.19.2-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.4.2-final+dfsg-12ubuntu9?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2-final+dfsg-11

6.4.2-final+dfsg-12

6.4.2-final+dfsg-12build1

6.4.2-final+dfsg-12ubuntu1

6.4.2-final+dfsg-12ubuntu7

6.4.2-final+dfsg-12ubuntu9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@5.38.0-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.31.3-1

5.38.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.8.3+dfsg-0ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.6.2+dfsg-5ubuntu2

6.7.2+dfsg-5

6.7.2+dfsg-8

6.8.1+dfsg-0ubuntu1

6.8.2+dfsg-0ubuntu2

6.8.2+dfsg-3fakesync1

6.8.3+dfsg-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}