CVE-2022-4254

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4254
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4254.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-4254
Downstream
Related
Published
2023-02-01T17:15:09Z
Modified
2025-10-15T14:11:21.164189Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type
GIT
Repo
https://github.com/sssd/sssd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a2b9a84460429181f2a4fa7e2bb5ab49fd561274

Affected versions

Other

sssd-0_2_0
sssd-0_2_1
sssd-0_3_1
sssd-0_3_2
sssd-0_3_3
sssd-0_4_0
sssd-0_4_1
sssd-0_5_0
sssd-0_6_0
sssd-0_7_0
sssd-0_99_0
sssd-1_0_99
sssd-1_10_0
sssd-1_10_90
sssd-1_10_92
sssd-1_10_alpha1
sssd-1_10_beta1
sssd-1_10_beta2
sssd-1_11_0
sssd-1_11_0_beta1
sssd-1_11_0_beta2
sssd-1_11_90
sssd-1_11_91
sssd-1_12_0
sssd-1_12_0_beta1
sssd-1_12_0_beta2
sssd-1_12_1
sssd-1_12_2
sssd-1_12_3
sssd-1_12_90
sssd-1_13_0
sssd-1_13_0_alpha
sssd-1_13_1
sssd-1_13_90
sssd-1_13_91
sssd-1_14_0
sssd-1_14_0_alpha1
sssd-1_14_0_beta1
sssd-1_14_1
sssd-1_14_2
sssd-1_15_0
sssd-1_15_1
sssd-1_15_2
sssd-1_15_3
sssd-1_16_0
sssd-1_16_1
sssd-1_16_2
sssd-1_16_3
sssd-1_2_91
sssd-1_3_0
sssd-1_4_0
sssd-1_5_0
sssd-1_5_1
sssd-1_6_0
sssd-1_8_91
sssd-1_8_92
sssd-1_8_93
sssd-1_8_94
sssd-1_8_95
sssd-1_8_96
sssd-1_8_97
sssd-1_8_98
sssd-1_9_0
sssd-1_9_0_beta1
sssd-1_9_0_beta2
sssd-1_9_0_beta3
sssd-1_9_0_beta4
sssd-1_9_0_beta5
sssd-1_9_0_beta6
sssd-1_9_0_beta7
sssd-1_9_0_rc1
sssd-1_9_1
sssd-1_9_2
sssd-1_9_91
sssd-1_9_92
sssd-1_9_93
sssd-1_9_94
sssd-2_1_0
sssd-2_2_0
sssd-2_2_1
sssd-2_2_2
sssd-2_2_3
sssd-2_3_0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Line",
        "target": {
            "file": "src/lib/certmap/sss_certmap.h"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "115648587737536876340900747468043932042",
                "286224869138222931870565593224301074919",
                "321702972262151397103700495864168912127",
                "43911331127776708834901769323453442400",
                "353508519408071651079584666076386080",
                "190051955111482294960613982440698725204",
                "303604684200052643469605290014436589053",
                "13064777728386254614162706723010804479",
                "72654532134074875520478793791890497160"
            ]
        },
        "id": "CVE-2022-4254-1565ecf2"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Line",
        "target": {
            "file": "src/responder/pam/pamsrv_p11.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "33724279268746321400631654207959706923",
                "27300994548539462473334541111544164071",
                "72512766298096155686055085849324235432",
                "272132699913062883074587305311608640310",
                "227620765115951312875252387389037601701",
                "101094000425037005804335556436403781341"
            ]
        },
        "id": "CVE-2022-4254-1d540634"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Line",
        "target": {
            "file": "src/lib/certmap/sss_certmap.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "36909215924900544494525216158936713968",
                "42105713235869948546828992598067442174",
                "155070925602404319338742258616762884755",
                "67147552904434545600510443440721527359",
                "272741689146825180179974972369000022461",
                "156754113297040636827135621532041706261",
                "294920703340554081283691535033066903119",
                "85363435212350909049524451135263449746",
                "177135464380060035035156312505292822078",
                "188988644087980304036912403365013826585",
                "259289658023137174481571082323231837093",
                "147240680171922100228217095992962658847",
                "177441630041527437182789890155705956803",
                "281406870368023647678861793837738382725",
                "312749730128583540001365430720699500977",
                "77452386791366332282348833087111557874",
                "318608790895456976002893594098500852505",
                "115519019007468916944016789718813473363",
                "124990693462051850692786670205654187018",
                "38887932722355374902777494180092744972",
                "280477252543038786306644124077501494947",
                "14330757469830604991130633877058296025",
                "297064699406468323924929506355036124340",
                "300928442213581228110488666307653095153",
                "312834993452331704264966628201811901701",
                "286186564281202413608708077818591940581",
                "233219589035782062932581202349418593239",
                "218162664972284675313635065891299159877",
                "297028285398423934411944287337823867880",
                "46548479036606185016570126803657670048",
                "71267805246239337697721068170527756650",
                "237093296167191241881556532053063326188",
                "144189858392383361426732997074732513147",
                "179719884906250549375258838122874719814",
                "113857954141623737093610428702572489874",
                "56428874621999911529796690695680780318",
                "311786312309346426341895317911238562820",
                "89914603881019606861459595928667330521",
                "236595512706804387188577672798550267611"
            ]
        },
        "id": "CVE-2022-4254-62c6c49a"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Function",
        "target": {
            "function": "get_cert_prompt",
            "file": "src/responder/pam/pamsrv_p11.c"
        },
        "deprecated": false,
        "digest": {
            "length": 1081.0,
            "function_hash": "245528362416923772662928663376884284353"
        },
        "id": "CVE-2022-4254-7513c61a"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Function",
        "target": {
            "function": "get_filter",
            "file": "src/lib/certmap/sss_certmap.c"
        },
        "deprecated": false,
        "digest": {
            "length": 888.0,
            "function_hash": "227006874019069492834395687983301817264"
        },
        "id": "CVE-2022-4254-81c19f99"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Line",
        "target": {
            "file": "src/util/util_ext.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "242467306997123619383848555276427870472",
                "37117102308644390218267099065923735502",
                "307663653181867055955206404625995009000",
                "193945555105656936453847297800470789796"
            ]
        },
        "id": "CVE-2022-4254-b48bd774"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Function",
        "target": {
            "function": "sss_certmap_get_search_filter",
            "file": "src/lib/certmap/sss_certmap.c"
        },
        "deprecated": false,
        "digest": {
            "length": 1598.0,
            "function_hash": "334022399598782433399976886285467748727"
        },
        "id": "CVE-2022-4254-ce38ffbb"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Function",
        "target": {
            "function": "test_sss_certmap_get_search_filter",
            "file": "src/tests/cmocka/test_certmap.c"
        },
        "deprecated": false,
        "digest": {
            "length": 5552.0,
            "function_hash": "46393581563389592887817398668133808659"
        },
        "id": "CVE-2022-4254-debbfdce"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
        "signature_type": "Function",
        "target": {
            "function": "expand_template",
            "file": "src/lib/certmap/sss_certmap.c"
        },
        "deprecated": false,
        "digest": {
            "length": 988.0,
            "function_hash": "26101549398144425817266298166454580216"
        },
        "id": "CVE-2022-4254-ef34f3be"
    }
]