CVE-2022-28652 — Vulnetix

CVE-2022-28652 PUBLISHED CVSS 5.5 MEDIUM

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

EPSS 0.04% · 12.7th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.04%

12.7th percentile

Affected Products

Vendor	Product	Versions
canonical	ubuntu_linux	18.04, 20.04, 21.10
Canonical Ltd.	Apport	0
apport_project	apport	0

Exploit Intelligence

https://ubuntu.com/security/notices/USN-5427-1 (circl)
https://www.cve.org/CVERecord?id=CVE-2022-28652 (circl)

Timeline

Jun 4, 2024 CVE Published
Jun 6, 2024 EPSS Score
Jun 29, 2024 EPSS Score
Jul 22, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 7, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 23, 2024 EPSS Score
Nov 15, 2024 EPSS Score
Dec 10, 2024 EPSS Score
Jan 2, 2025 EPSS Score
Jan 25, 2025 EPSS Score

References

https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28652 issue
https://nvd.nist.gov/vuln/detail/CVE-2022-28652 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›