CVE-2022-27240

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-27240
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27240.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-27240
Downstream
Published
2022-03-18T06:15:08.590Z
Modified
2026-02-23T08:25:51.623464Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.

References

Affected packages

Git / github.com/babelouest/glewlwyd

Affected ranges

Type
GIT
Repo
https://github.com/babelouest/glewlwyd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4c5597c155bfbaf6491cf6b83479d241ae66940a
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d147ccd0c493b1fad5a2bcd2a9a5c6d3fda9ae1c
Introduced
9ff7a039b873666099ad306bef0c13082902d39a
Fixed
4c5597c155bfbaf6491cf6b83479d241ae66940a

Affected versions

v2.*
v2.0.0
v2.1.0
v2.1.1
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.6.0
v2.6.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27240.json"
vanir_signatures 
[
    {
        "id": "CVE-2022-27240-63f1fb6a",
        "source": "https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "220808046081210396080077479638927040481",
                "57273834636401937923658788307504268900",
                "313108989129243707049059965441053762188",
                "228164923958231496861717270284664263050",
                "234309396422907365673195692716210437506",
                "231881941146739342230003207148563531694",
                "169004794240369310944560637058773310332",
                "336525734495495921256508124459061621204"
            ]
        },
        "target": {
            "file": "src/scheme/webauthn.c"
        }
    },
    {
        "id": "CVE-2022-27240-9a76c3ff",
        "source": "https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "57275488854267954372487593094167411292",
            "length": 10261.0
        },
        "target": {
            "function": "check_assertion",
            "file": "src/scheme/webauthn.c"
        }
    }
]