CVE-2022-29869
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-29869
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29869.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-29869
- Downstream
- Related
- Published
- 2022-04-28T01:15:06Z
- Modified
- 2025-09-19T13:54:04.264225Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
- References
-
- https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
- https://github.com/piastry/cifs-utils/pull/7
- https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
- https://security.gentoo.org/glsa/202311-05
- https://www.debian.org/security/2022/dsa-5157
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
- https://security.alpinelinux.org/vuln/CVE-2022-29869
Affected packages
Alpine:v3.16
cifs-utils
Alpine:v3.17
cifs-utils
Alpine:v3.18
cifs-utils
Alpine:v3.19
cifs-utils
Alpine:v3.20
cifs-utils
Alpine:v3.21
cifs-utils
Alpine:v3.22
cifs-utils
Git
github.com/piastry/cifs-utils
Affected ranges
- Type
- GIT
- Repo
- https://github.com/piastry/cifs-utils
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
cifs-utils-4.*
cifs-utils-4.0
cifs-utils-4.0a1
cifs-utils-4.0rc1
cifs-utils-4.1
cifs-utils-4.2
cifs-utils-4.3
cifs-utils-4.4
cifs-utils-4.5
cifs-utils-4.6
cifs-utils-4.7
cifs-utils-4.8
cifs-utils-4.8.1
cifs-utils-4.9
cifs-utils-5.*
cifs-utils-5.0
cifs-utils-5.1
cifs-utils-5.2
cifs-utils-5.3
cifs-utils-5.4
cifs-utils-5.5
cifs-utils-5.6
cifs-utils-5.7
cifs-utils-5.8
cifs-utils-5.9
cifs-utils-6.*
cifs-utils-6.0
cifs-utils-6.1
cifs-utils-6.10
cifs-utils-6.11
cifs-utils-6.12
cifs-utils-6.13
cifs-utils-6.14
cifs-utils-6.2
cifs-utils-6.3
cifs-utils-6.4
cifs-utils-6.5
cifs-utils-6.6
cifs-utils-6.7
cifs-utils-6.8
cifs-utils-6.9
Other
release-4-0a1
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2022-29869-079112c6",
"source": "https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379",
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "mount.cifs.c",
"function": "open_cred_file"
},
"signature_version": "v1",
"digest": {
"function_hash": "91061460177468123754902069861250535461",
"length": 1476.0
}
},
{
"id": "CVE-2022-29869-308c8667",
"source": "https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "mount.cifs.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"333177565664066831031052731575158110766",
"269008431299318842638218154133802989812",
"200416903659751381251677829170609985397",
"142948789842139240547537937641208830596",
"44912368005009940171336540415324128652",
"157149416689637315031584410539095472663",
"83440183529970733472400725653080485434",
"172559212895684826899817295477533425772",
"151755585470736387165767965852064864571",
"318376024910814506234711884201024569379",
"1076006348340887466461663850527154898",
"247924530577808540089783321436504017021",
"345905160297107181876084015619107312",
"94278264940853492957148186831503439599"
],
"threshold": 0.9
}
}
]
}