VDB
ALPINE-CVE-2022-24407
ALPINE-CVE-2022-24407
PUBLISHED
CVSS 8.800000190734863 HIGH
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.15 | cyrus-sasl | 2.1.27-r9, 2.1.27-r8, 2.1.27-r7 |
| Alpine:v3.14 | cyrus-sasl | 2.1.26-r0, 2.1.26-r8, 2.1.26-r9 |
| Alpine:v3.13 | cyrus-sasl | 2.1.27-r1, 2.1.27-r0, 2.1.26-r8 |
| Alpine:v3.20 | cyrus-sasl | 2.1.26-r7, 2.1.27-r10, 2.1.23-r10 |
| Alpine:v3.18 | cyrus-sasl | 2.1.23-r11, 2.1.23-r4, 2.1.23-r14 |
| Alpine:v3.24 | cyrus-sasl | 2.1.17 |
| Alpine:v3.19 | cyrus-sasl | 2.1.26-r7, 2.1.17, 2.1.27-r9 |
| Alpine:v3.12 | cyrus-sasl | 2.1.23-r15, 2.1.23-r2, 2.1.23-r3 |
| Alpine:v3.21 | cyrus-sasl | 2.1.23-r5, 2.1.23-r4, 2.1.23-r3 |
| Alpine:v3.22 | cyrus-sasl | 2.1.27-r5, 0, 2.1.23-r0 |
| Alpine:v3.23 | cyrus-sasl | 2.1.17, 2.1.27-r9, 2.1.27-r8 |
| Alpine:v3.17 | cyrus-sasl | 0, 2.1.23-r0, 2.1.23-r1 |
| Alpine:v3.16 | cyrus-sasl | 0, 2.1.23-r0, 2.1.23-r11 |
Timeline
- Feb 24, 2022 CVE Published
- Apr 30, 2026 Distribution Patch
- Jul 8, 2026 CVE Updated