exploitDog

CVE-2022-24407

Опубликовано: 24 фев. 2022

Источник: debian

Описание

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cyrus-sasl2	fixed	2.1.28+dfsg-1	experimental	package
cyrus-sasl2	fixed	2.1.28+dfsg-2		package

Примечания

Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28)
Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master)
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28

Связанные уязвимости

CVE-2022-24407

CVSS3: 8.8

ubuntu

больше 3 лет назад

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2022-24407

CVSS3: 8.8

redhat

больше 3 лет назад

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2022-24407

CVSS3: 8.8

nvd

больше 3 лет назад

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

CVE-2022-24407

CVSS3: 8.8

msrc

больше 3 лет назад

Описание отсутствует

openSUSE-SU-2022:0743-1

suse-cvrf

больше 3 лет назад

Security update for cyrus-sasl