Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2022-28652

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 1 month ago

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

References

https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue-trackingx_transferred

Affected products

apport

<2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

nixos-unstable 0.0.0.4
- nixpkgs-unstable 0.0.0.4
- nixos-unstable-small 0.0.0.4

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>