CVE-2022-4254
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-4254
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4254.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-4254
- Downstream
- Related
- Published
- 2023-02-01T17:15:09Z
- Modified
- 2025-09-19T14:14:02.310685Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
- References
Affected packages
Git / github.com/sssd/sssd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sssd/sssd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
sssd-0_2_0
sssd-0_2_1
sssd-0_3_1
sssd-0_3_2
sssd-0_3_3
sssd-0_4_0
sssd-0_4_1
sssd-0_5_0
sssd-0_6_0
sssd-0_7_0
sssd-0_99_0
sssd-1_0_99
sssd-1_10_0
sssd-1_10_90
sssd-1_10_92
sssd-1_10_alpha1
sssd-1_10_beta1
sssd-1_10_beta2
sssd-1_11_0
sssd-1_11_0_beta1
sssd-1_11_0_beta2
sssd-1_11_90
sssd-1_11_91
sssd-1_12_0
sssd-1_12_0_beta1
sssd-1_12_0_beta2
sssd-1_12_1
sssd-1_12_2
sssd-1_12_3
sssd-1_12_90
sssd-1_13_0
sssd-1_13_0_alpha
sssd-1_13_1
sssd-1_13_90
sssd-1_13_91
sssd-1_14_0
sssd-1_14_0_alpha1
sssd-1_14_0_beta1
sssd-1_14_1
sssd-1_14_2
sssd-1_15_0
sssd-1_15_1
sssd-1_15_2
sssd-1_15_3
sssd-1_16_0
sssd-1_16_1
sssd-1_16_2
sssd-1_16_3
sssd-1_2_91
sssd-1_3_0
sssd-1_4_0
sssd-1_5_0
sssd-1_5_1
sssd-1_6_0
sssd-1_8_91
sssd-1_8_92
sssd-1_8_93
sssd-1_8_94
sssd-1_8_95
sssd-1_8_96
sssd-1_8_97
sssd-1_8_98
sssd-1_9_0
sssd-1_9_0_beta1
sssd-1_9_0_beta2
sssd-1_9_0_beta3
sssd-1_9_0_beta4
sssd-1_9_0_beta5
sssd-1_9_0_beta6
sssd-1_9_0_beta7
sssd-1_9_0_rc1
sssd-1_9_1
sssd-1_9_2
sssd-1_9_91
sssd-1_9_92
sssd-1_9_93
sssd-1_9_94
sssd-2_1_0
sssd-2_2_0
sssd-2_2_1
sssd-2_2_2
sssd-2_2_3
sssd-2_3_0
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2022-4254-1565ecf2",
"target": {
"file": "src/lib/certmap/sss_certmap.h"
},
"digest": {
"line_hashes": [
"115648587737536876340900747468043932042",
"286224869138222931870565593224301074919",
"321702972262151397103700495864168912127",
"43911331127776708834901769323453442400",
"353508519408071651079584666076386080",
"190051955111482294960613982440698725204",
"303604684200052643469605290014436589053",
"13064777728386254614162706723010804479",
"72654532134074875520478793791890497160"
],
"threshold": 0.9
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2022-4254-1d540634",
"target": {
"file": "src/responder/pam/pamsrv_p11.c"
},
"digest": {
"line_hashes": [
"33724279268746321400631654207959706923",
"27300994548539462473334541111544164071",
"72512766298096155686055085849324235432",
"272132699913062883074587305311608640310",
"227620765115951312875252387389037601701",
"101094000425037005804335556436403781341"
],
"threshold": 0.9
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2022-4254-62c6c49a",
"target": {
"file": "src/lib/certmap/sss_certmap.c"
},
"digest": {
"line_hashes": [
"36909215924900544494525216158936713968",
"42105713235869948546828992598067442174",
"155070925602404319338742258616762884755",
"67147552904434545600510443440721527359",
"272741689146825180179974972369000022461",
"156754113297040636827135621532041706261",
"294920703340554081283691535033066903119",
"85363435212350909049524451135263449746",
"177135464380060035035156312505292822078",
"188988644087980304036912403365013826585",
"259289658023137174481571082323231837093",
"147240680171922100228217095992962658847",
"177441630041527437182789890155705956803",
"281406870368023647678861793837738382725",
"312749730128583540001365430720699500977",
"77452386791366332282348833087111557874",
"318608790895456976002893594098500852505",
"115519019007468916944016789718813473363",
"124990693462051850692786670205654187018",
"38887932722355374902777494180092744972",
"280477252543038786306644124077501494947",
"14330757469830604991130633877058296025",
"297064699406468323924929506355036124340",
"300928442213581228110488666307653095153",
"312834993452331704264966628201811901701",
"286186564281202413608708077818591940581",
"233219589035782062932581202349418593239",
"218162664972284675313635065891299159877",
"297028285398423934411944287337823867880",
"46548479036606185016570126803657670048",
"71267805246239337697721068170527756650",
"237093296167191241881556532053063326188",
"144189858392383361426732997074732513147",
"179719884906250549375258838122874719814",
"113857954141623737093610428702572489874",
"56428874621999911529796690695680780318",
"311786312309346426341895317911238562820",
"89914603881019606861459595928667330521",
"236595512706804387188577672798550267611"
],
"threshold": 0.9
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2022-4254-7513c61a",
"target": {
"file": "src/responder/pam/pamsrv_p11.c",
"function": "get_cert_prompt"
},
"digest": {
"function_hash": "245528362416923772662928663376884284353",
"length": 1081.0
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2022-4254-81c19f99",
"target": {
"file": "src/lib/certmap/sss_certmap.c",
"function": "get_filter"
},
"digest": {
"function_hash": "227006874019069492834395687983301817264",
"length": 888.0
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2022-4254-b48bd774",
"target": {
"file": "src/util/util_ext.c"
},
"digest": {
"line_hashes": [
"242467306997123619383848555276427870472",
"37117102308644390218267099065923735502",
"307663653181867055955206404625995009000",
"193945555105656936453847297800470789796"
],
"threshold": 0.9
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2022-4254-ce38ffbb",
"target": {
"file": "src/lib/certmap/sss_certmap.c",
"function": "sss_certmap_get_search_filter"
},
"digest": {
"function_hash": "334022399598782433399976886285467748727",
"length": 1598.0
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2022-4254-debbfdce",
"target": {
"file": "src/tests/cmocka/test_certmap.c",
"function": "test_sss_certmap_get_search_filter"
},
"digest": {
"function_hash": "46393581563389592887817398668133808659",
"length": 5552.0
},
"deprecated": false
},
{
"source": "https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2022-4254-ef34f3be",
"target": {
"file": "src/lib/certmap/sss_certmap.c",
"function": "expand_template"
},
"digest": {
"function_hash": "26101549398144425817266298166454580216",
"length": 988.0
},
"deprecated": false
}
]
}