CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2526

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.9%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2022-2526

Netapp » Active Iq Unified Manager » Version: N/A

cpe:2.3:a:netapp:active_iq_unified_manager:-
Systemd Project » Systemd » Version: 240

cpe:2.3:a:systemd_project:systemd:240
Netapp » H300s » Version: N/A

cpe:2.3:h:netapp:h300s:-
Netapp » H410s » Version: N/A

cpe:2.3:h:netapp:h410s:-
Netapp » H500s » Version: N/A

cpe:2.3:h:netapp:h500s:-
Netapp » H700s » Version: N/A

cpe:2.3:h:netapp:h700s:-
Netapp » H300s Firmware » Version: N/A

cpe:2.3:o:netapp:h300s_firmware:-
Netapp » H410s Firmware » Version: N/A

cpe:2.3:o:netapp:h410s_firmware:-
Netapp » H500s Firmware » Version: N/A

cpe:2.3:o:netapp:h500s_firmware:-
Netapp » H700s Firmware » Version: N/A

cpe:2.3:o:netapp:h700s_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2526

Products

Pricing

Contact Us