CVE-2022-24407

Updated: 2024-11-23 05:18:31.754435

Description:

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.5 |
| CVSS Version 3.x | HIGH | 8.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | cyrus-sasl | 2.1.27 | 8.8 | HIGH | Not Vulnerable | | 2023-11-08 08:36:09 | |
| CentOS 6 ELS | cyrus-sasl | 2.1.23 | 8.8 | HIGH | Released | CLSA-2022:1646060797 | 2022-05-05 12:04:44 | |
| CentOS 7 ELS | cyrus-sasl | 2.1.26 | 8.8 | HIGH | Already Fixed | | 2023-09-19 09:30:35 | |
| CentOS 8.4 ELS | cyrus-sasl | 2.1.27-5 | 8.8 | HIGH | Released | CLSA-2022:1646060576 | 2022-04-25 16:09:56 | |
| CentOS 8.5 ELS | cyrus-sasl | 2.1.27-5 | 8.8 | HIGH | Released | CLSA-2022:1646061301 | 2022-04-25 16:09:56 | |
| CloudLinux 6 ELS | cyrus-sasl | 2.1.23 | 8.8 | HIGH | Released | CLSA-2022:1646061171 | 2022-04-25 16:09:56 | |
| Oracle Linux 6 ELS | cyrus-sasl | 2.1.23 | 8.8 | HIGH | Released | CLSA-2022:1646061219 | 2022-04-25 16:09:56 | |
| Ubuntu 16.04 ELS | cyrus-sasl2 | 2.1.26 | 8.8 | HIGH | Released | CLSA-2022:1646061262 | 2022-04-25 16:09:56 | |
| Ubuntu 18.04 ELS | cyrus-sasl2 | 2.1.27 | 8.8 | HIGH | Already Fixed | | 2023-06-02 09:09:57 | |