CVE-2022-28652
Medium
Low
Medium
High
Critical
5.5
CVSS Score
Vulnerability Description
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
116 configuration(s) from 2 vendor(s)
apport
Version:
2.16.2
CPE:
cpe:2.3:a:apport_project:apport:2.16.2:*:*:*:*:*:*:*
apport
Version:
1.21
CPE:
cpe:2.3:a:apport_project:apport:1.21:*:*:*:*:*:*:*
apport
Version:
2.13
CPE:
cpe:2.3:a:apport_project:apport:2.13:*:*:*:*:*:*:*
apport
Version:
2.12.1
CPE:
cpe:2.3:a:apport_project:apport:2.12.1:*:*:*:*:*:*:*
apport
Version:
2.6.1
CPE:
cpe:2.3:a:apport_project:apport:2.6.1:*:*:*:*:*:*:*
apport
Version:
2.12.6
CPE:
cpe:2.3:a:apport_project:apport:2.12.6:*:*:*:*:*:*:*
apport
Version:
2.5.1
CPE:
cpe:2.3:a:apport_project:apport:2.5.1:*:*:*:*:*:*:*
apport
Version:
1.10.1
CPE:
cpe:2.3:a:apport_project:apport:1.10.1:*:*:*:*:*:*:*
apport
Version:
1.95
CPE:
cpe:2.3:a:apport_project:apport:1.95:*:*:*:*:*:*:*
apport
Version:
1.12
CPE:
cpe:2.3:a:apport_project:apport:1.12:*:*:*:*:*:*:*
apport
Version:
1.13.2
CPE:
cpe:2.3:a:apport_project:apport:1.13.2:*:*:*:*:*:*:*
apport
Version:
1.25
CPE:
cpe:2.3:a:apport_project:apport:1.25:*:*:*:*:*:*:*
apport
Version:
2.9
CPE:
cpe:2.3:a:apport_project:apport:2.9:*:*:*:*:*:*:*
apport
Version:
2.1
CPE:
cpe:2.3:a:apport_project:apport:2.1:*:*:*:*:*:*:*
apport
Version:
1.9.4
CPE:
cpe:2.3:a:apport_project:apport:1.9.4:*:*:*:*:*:*:*
apport
Version:
2.18
CPE:
cpe:2.3:a:apport_project:apport:2.18:*:*:*:*:*:*:*
apport
Version:
2.12
CPE:
cpe:2.3:a:apport_project:apport:2.12:*:*:*:*:*:*:*
apport
Version:
1.23.1
CPE:
cpe:2.3:a:apport_project:apport:1.23.1:*:*:*:*:*:*:*
apport
Version:
2.13.2
CPE:
cpe:2.3:a:apport_project:apport:2.13.2:*:*:*:*:*:*:*
apport
Version:
1.16
CPE:
cpe:2.3:a:apport_project:apport:1.16:*:*:*:*:*:*:*
apport
Version:
2.20.9
CPE:
cpe:2.3:a:apport_project:apport:2.20.9:*:*:*:*:*:*:*
apport
Version:
1.22.1
CPE:
cpe:2.3:a:apport_project:apport:1.22.1:*:*:*:*:*:*:*
apport
Version:
2.12.4
CPE:
cpe:2.3:a:apport_project:apport:2.12.4:*:*:*:*:*:*:*
apport
Version:
1.17
CPE:
cpe:2.3:a:apport_project:apport:1.17:*:*:*:*:*:*:*
apport
Version:
2.20.2
CPE:
cpe:2.3:a:apport_project:apport:2.20.2:*:*:*:*:*:*:*
apport
Version:
2.3
CPE:
cpe:2.3:a:apport_project:apport:2.3:*:*:*:*:*:*:*
apport
Version:
2.10
CPE:
cpe:2.3:a:apport_project:apport:2.10:*:*:*:*:*:*:*
apport
Version:
1.13.1
CPE:
cpe:2.3:a:apport_project:apport:1.13.1:*:*:*:*:*:*:*
apport
Version:
2.8
CPE:
cpe:2.3:a:apport_project:apport:2.8:*:*:*:*:*:*:*
apport
Version:
2.2.5
CPE:
cpe:2.3:a:apport_project:apport:2.2.5:*:*:*:*:*:*:*
apport
Version:
2.19.4
CPE:
cpe:2.3:a:apport_project:apport:2.19.4:*:*:*:*:*:*:*
apport
Version:
2.15.1
CPE:
cpe:2.3:a:apport_project:apport:2.15.1:*:*:*:*:*:*:*
apport
Version:
2.19
CPE:
cpe:2.3:a:apport_project:apport:2.19:*:*:*:*:*:*:*
apport
Version:
2.20.10
CPE:
cpe:2.3:a:apport_project:apport:2.20.10:*:*:*:*:*:*:*
apport
Version:
2.12.7
CPE:
cpe:2.3:a:apport_project:apport:2.12.7:*:*:*:*:*:*:*
apport
Version:
2.18.1
CPE:
cpe:2.3:a:apport_project:apport:2.18.1:*:*:*:*:*:*:*
apport
Version:
1.12.1
CPE:
cpe:2.3:a:apport_project:apport:1.12.1:*:*:*:*:*:*:*
apport
Version:
2.11
CPE:
cpe:2.3:a:apport_project:apport:2.11:*:*:*:*:*:*:*
apport
Version:
1.15
CPE:
cpe:2.3:a:apport_project:apport:1.15:*:*:*:*:*:*:*
apport
Version:
1.13.3
CPE:
cpe:2.3:a:apport_project:apport:1.13.3:*:*:*:*:*:*:*
apport
Version:
2.12.5
CPE:
cpe:2.3:a:apport_project:apport:2.12.5:*:*:*:*:*:*:*
apport
Version:
2.7
CPE:
cpe:2.3:a:apport_project:apport:2.7:*:*:*:*:*:*:*
apport
Version:
2.17.2
CPE:
cpe:2.3:a:apport_project:apport:2.17.2:*:*:*:*:*:*:*
apport
Version:
2.17
CPE:
cpe:2.3:a:apport_project:apport:2.17:*:*:*:*:*:*:*
apport
Version:
1.20.1
CPE:
cpe:2.3:a:apport_project:apport:1.20.1:*:*:*:*:*:*:*
apport
Version:
2.20.1
CPE:
cpe:2.3:a:apport_project:apport:2.20.1:*:*:*:*:*:*:*
apport
Version:
2.20.4
CPE:
cpe:2.3:a:apport_project:apport:2.20.4:*:*:*:*:*:*:*
apport
Version:
2.1.1
CPE:
cpe:2.3:a:apport_project:apport:2.1.1:*:*:*:*:*:*:*
apport
Version:
1.91
CPE:
cpe:2.3:a:apport_project:apport:1.91:*:*:*:*:*:*:*
apport
Version:
2.14.4
CPE:
cpe:2.3:a:apport_project:apport:2.14.4:*:*:*:*:*:*:*
apport
Version:
2.14.6
CPE:
cpe:2.3:a:apport_project:apport:2.14.6:*:*:*:*:*:*:*
apport
Version:
2.10.1
CPE:
cpe:2.3:a:apport_project:apport:2.10.1:*:*:*:*:*:*:*
apport
Version:
2.17.1
CPE:
cpe:2.3:a:apport_project:apport:2.17.1:*:*:*:*:*:*:*
apport
Version:
2.19.3
CPE:
cpe:2.3:a:apport_project:apport:2.19.3:*:*:*:*:*:*:*
apport
Version:
2.17.3
CPE:
cpe:2.3:a:apport_project:apport:2.17.3:*:*:*:*:*:*:*
apport
Version:
2.0
CPE:
cpe:2.3:a:apport_project:apport:2.0:*:*:*:*:*:*:*
apport
Version:
0.13
CPE:
cpe:2.3:a:apport_project:apport:0.13:*:*:*:*:*:*:*
apport
Version:
1.18
CPE:
cpe:2.3:a:apport_project:apport:1.18:*:*:*:*:*:*:*
apport
Version:
2.20.7
CPE:
cpe:2.3:a:apport_project:apport:2.20.7:*:*:*:*:*:*:*
apport
Version:
1.9.6
CPE:
cpe:2.3:a:apport_project:apport:1.9.6:*:*:*:*:*:*:*
apport
Version:
1.21.2
CPE:
cpe:2.3:a:apport_project:apport:1.21.2:*:*:*:*:*:*:*
apport
Version:
2.5.3
CPE:
cpe:2.3:a:apport_project:apport:2.5.3:*:*:*:*:*:*:*
apport
Version:
2.2.4
CPE:
cpe:2.3:a:apport_project:apport:2.2.4:*:*:*:*:*:*:*
apport
Version:
1.17.2
CPE:
cpe:2.3:a:apport_project:apport:1.17.2:*:*:*:*:*:*:*
apport
Version:
2.5.2
CPE:
cpe:2.3:a:apport_project:apport:2.5.2:*:*:*:*:*:*:*
apport
Version:
1.94
CPE:
cpe:2.3:a:apport_project:apport:1.94:*:*:*:*:*:*:*
apport
Version:
2.2.1
CPE:
cpe:2.3:a:apport_project:apport:2.2.1:*:*:*:*:*:*:*
apport
Version:
1.90
CPE:
cpe:2.3:a:apport_project:apport:1.90:*:*:*:*:*:*:*
apport
Version:
2.9.2
CPE:
cpe:2.3:a:apport_project:apport:2.9.2:*:*:*:*:*:*:*
apport
Version:
1.93
CPE:
cpe:2.3:a:apport_project:apport:1.93:*:*:*:*:*:*:*
apport
Version:
2.16.1
CPE:
cpe:2.3:a:apport_project:apport:2.16.1:*:*:*:*:*:*:*
apport
Version:
2.6
CPE:
cpe:2.3:a:apport_project:apport:2.6:*:*:*:*:*:*:*
apport
Version:
1.9.5
CPE:
cpe:2.3:a:apport_project:apport:1.9.5:*:*:*:*:*:*:*
apport
Version:
2.10.2
CPE:
cpe:2.3:a:apport_project:apport:2.10.2:*:*:*:*:*:*:*
apport
Version:
1.11
CPE:
cpe:2.3:a:apport_project:apport:1.11:*:*:*:*:*:*:*
apport
Version:
2.15
CPE:
cpe:2.3:a:apport_project:apport:2.15:*:*:*:*:*:*:*
apport
Version:
2.20.6
CPE:
cpe:2.3:a:apport_project:apport:2.20.6:*:*:*:*:*:*:*
apport
Version:
2.14.2
CPE:
cpe:2.3:a:apport_project:apport:2.14.2:*:*:*:*:*:*:*
apport
Version:
2.5
CPE:
cpe:2.3:a:apport_project:apport:2.5:*:*:*:*:*:*:*
apport
Version:
2.14.3
CPE:
cpe:2.3:a:apport_project:apport:2.14.3:*:*:*:*:*:*:*
apport
Version:
1.14
CPE:
cpe:2.3:a:apport_project:apport:1.14:*:*:*:*:*:*:*
apport
Version:
2.6.2
CPE:
cpe:2.3:a:apport_project:apport:2.6.2:*:*:*:*:*:*:*
apport
Version:
1.10
CPE:
cpe:2.3:a:apport_project:apport:1.10:*:*:*:*:*:*:*
apport
Version:
2.2
CPE:
cpe:2.3:a:apport_project:apport:2.2:*:*:*:*:*:*:*
apport
Version:
2.14.5
CPE:
cpe:2.3:a:apport_project:apport:2.14.5:*:*:*:*:*:*:*
apport
Version:
1.94.1
CPE:
cpe:2.3:a:apport_project:apport:1.94.1:*:*:*:*:*:*:*
apport
Version:
2.13.1
CPE:
cpe:2.3:a:apport_project:apport:2.13.1:*:*:*:*:*:*:*
apport
Version:
1.21.1
CPE:
cpe:2.3:a:apport_project:apport:1.21.1:*:*:*:*:*:*:*
apport
Version:
1.22
CPE:
cpe:2.3:a:apport_project:apport:1.22:*:*:*:*:*:*:*
apport
Version:
2.19.2
CPE:
cpe:2.3:a:apport_project:apport:2.19.2:*:*:*:*:*:*:*
apport
Version:
2.20
CPE:
cpe:2.3:a:apport_project:apport:2.20:*:*:*:*:*:*:*
apport
Version:
1.92
CPE:
cpe:2.3:a:apport_project:apport:1.92:*:*:*:*:*:*:*
apport
Version:
2.0.1
CPE:
cpe:2.3:a:apport_project:apport:2.0.1:*:*:*:*:*:*:*
apport
Version:
2.16
CPE:
cpe:2.3:a:apport_project:apport:2.16:*:*:*:*:*:*:*
apport
Version:
2.2.3
CPE:
cpe:2.3:a:apport_project:apport:2.2.3:*:*:*:*:*:*:*
apport
Version:
1.21.3
CPE:
cpe:2.3:a:apport_project:apport:1.21.3:*:*:*:*:*:*:*
apport
Version:
2.19.1
CPE:
cpe:2.3:a:apport_project:apport:2.19.1:*:*:*:*:*:*:*
apport
Version:
2.13.3
CPE:
cpe:2.3:a:apport_project:apport:2.13.3:*:*:*:*:*:*:*
apport
Version:
2.14.7
CPE:
cpe:2.3:a:apport_project:apport:2.14.7:*:*:*:*:*:*:*
apport
Version:
1.23
CPE:
cpe:2.3:a:apport_project:apport:1.23:*:*:*:*:*:*:*
apport
Version:
2.2.2
CPE:
cpe:2.3:a:apport_project:apport:2.2.2:*:*:*:*:*:*:*
apport
Version:
2.20.3
CPE:
cpe:2.3:a:apport_project:apport:2.20.3:*:*:*:*:*:*:*
apport
Version:
2.14
CPE:
cpe:2.3:a:apport_project:apport:2.14:*:*:*:*:*:*:*
apport
Version:
1.17.1
CPE:
cpe:2.3:a:apport_project:apport:1.17.1:*:*:*:*:*:*:*
apport
Version:
2.6.3
CPE:
cpe:2.3:a:apport_project:apport:2.6.3:*:*:*:*:*:*:*
apport
Version:
1.26
CPE:
cpe:2.3:a:apport_project:apport:1.26:*:*:*:*:*:*:*
apport
Version:
2.14.1
CPE:
cpe:2.3:a:apport_project:apport:2.14.1:*:*:*:*:*:*:*
apport
Version:
2.9.1
CPE:
cpe:2.3:a:apport_project:apport:2.9.1:*:*:*:*:*:*:*
apport
Version:
2.12.3
CPE:
cpe:2.3:a:apport_project:apport:2.12.3:*:*:*:*:*:*:*
apport
Version:
1.24
CPE:
cpe:2.3:a:apport_project:apport:1.24:*:*:*:*:*:*:*
apport
Version:
2.4
CPE:
cpe:2.3:a:apport_project:apport:2.4:*:*:*:*:*:*:*
apport
Version:
2.12.2
CPE:
cpe:2.3:a:apport_project:apport:2.12.2:*:*:*:*:*:*:*
ubuntu_linux
Version:
18.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
20.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
21.10
CPE:
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
ubuntu_linux
Version:
22.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
This vulnerability affects 116 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
https://ubuntu.com/security/notices/USN-5427-1security@ubuntu.com Third Party Advisory
-
https://www.cve.org/CVERecord?id=CVE-2022-28652security@ubuntu.com Third Party Advisory
-
https://ubuntu.com/security/notices/USN-5427-1af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.cve.org/CVERecord?id=CVE-2022-28652af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
5.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
- Description
- The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- June 04, 2024
