CVE-2022-44940

NameCVE-2022-44940
DescriptionPatchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
patchelf (PTS)bullseye0.12-1vulnerable
bookworm0.14.3-1vulnerable
sid, trixie0.18.0-1.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
patchelfsource(unstable)(unfixed)unimportant

Notes

https://github.com/NixOS/patchelf/pull/419
https://github.com/NixOS/patchelf/commit/96c8422e374064c3407e73e8b1e4995f95e0a9e0 (0.16.0)
Crash in CLI tool, no securiy impact

Search for package or bug name: Reporting problems