OESA-2022-1928

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1928
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1928.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1928
Upstream
Published
2022-09-23T11:04:18Z
Modified
2026-03-11T06:26:01.974328Z
Summary
libconfuse security update
Details

libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variable expansion, functions and nested include statements). It makes it very easy to add configuration file capability to a program using a simple API. The goal of libConfuse is not to be the configuration file parser library with a gazillion of features. Instead, it aims to be easy to use and quick to integrate with your code.

Security Fix(es):

cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. (CVE-2022-40320)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / libconfuse

Package

Name
libconfuse
Purl
pkg:rpm/openEuler/libconfuse&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3-2.oe1

Ecosystem specific

{
    "src": [
        "libconfuse-3.3-2.oe1.src.rpm"
    ],
    "x86_64": [
        "libconfuse-devel-3.3-2.oe1.x86_64.rpm",
        "libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm",
        "libconfuse-debugsource-3.3-2.oe1.x86_64.rpm",
        "libconfuse-3.3-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libconfuse-debugsource-3.3-2.oe1.aarch64.rpm",
        "libconfuse-devel-3.3-2.oe1.aarch64.rpm",
        "libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm",
        "libconfuse-3.3-2.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-1928.json"

openEuler:20.03-LTS-SP3 / libconfuse

Package

Name
libconfuse
Purl
pkg:rpm/openEuler/libconfuse&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3-2.oe1

Ecosystem specific

{
    "src": [
        "libconfuse-3.3-2.oe1.src.rpm"
    ],
    "x86_64": [
        "libconfuse-debugsource-3.3-2.oe1.x86_64.rpm",
        "libconfuse-3.3-2.oe1.x86_64.rpm",
        "libconfuse-debuginfo-3.3-2.oe1.x86_64.rpm",
        "libconfuse-devel-3.3-2.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "libconfuse-debugsource-3.3-2.oe1.aarch64.rpm",
        "libconfuse-debuginfo-3.3-2.oe1.aarch64.rpm",
        "libconfuse-devel-3.3-2.oe1.aarch64.rpm",
        "libconfuse-3.3-2.oe1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-1928.json"

openEuler:22.03-LTS / libconfuse

Package

Name
libconfuse
Purl
pkg:rpm/openEuler/libconfuse&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3-2.oe2203

Ecosystem specific

{
    "src": [
        "libconfuse-3.3-2.oe2203.src.rpm"
    ],
    "x86_64": [
        "libconfuse-devel-3.3-2.oe2203.x86_64.rpm",
        "libconfuse-debugsource-3.3-2.oe2203.x86_64.rpm",
        "libconfuse-3.3-2.oe2203.x86_64.rpm",
        "libconfuse-debuginfo-3.3-2.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "libconfuse-devel-3.3-2.oe2203.aarch64.rpm",
        "libconfuse-debuginfo-3.3-2.oe2203.aarch64.rpm",
        "libconfuse-debugsource-3.3-2.oe2203.aarch64.rpm",
        "libconfuse-3.3-2.oe2203.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2022-1928.json"