VDB

ALPINE-CVE-2022-24407

ALPINE-CVE-2022-24407 PUBLISHED CVSS 8.800000190734863 HIGH

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.15cyrus-sasl2.1.27-r9, 2.1.27-r8, 2.1.27-r7
Alpine:v3.14cyrus-sasl2.1.26-r0, 2.1.26-r8, 2.1.26-r9
Alpine:v3.13cyrus-sasl2.1.27-r1, 2.1.27-r0, 2.1.26-r8
Alpine:v3.20cyrus-sasl2.1.26-r7, 2.1.27-r10, 2.1.23-r10
Alpine:v3.18cyrus-sasl2.1.23-r11, 2.1.23-r4, 2.1.23-r14
Alpine:v3.24cyrus-sasl2.1.17
Alpine:v3.19cyrus-sasl2.1.26-r7, 2.1.17, 2.1.27-r9
Alpine:v3.12cyrus-sasl2.1.23-r15, 2.1.23-r2, 2.1.23-r3
Alpine:v3.21cyrus-sasl2.1.23-r5, 2.1.23-r4, 2.1.23-r3
Alpine:v3.22cyrus-sasl2.1.27-r5, 0, 2.1.23-r0
Alpine:v3.23cyrus-sasl2.1.17, 2.1.27-r9, 2.1.27-r8
Alpine:v3.17cyrus-sasl0, 2.1.23-r0, 2.1.23-r1
Alpine:v3.16cyrus-sasl0, 2.1.23-r0, 2.1.23-r11

Timeline

  • Feb 24, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›