UBUNTU-CVE-2022-25858

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-25858

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-25858.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-25858

Upstream

CVE-2022-25858

Published

2022-07-15T20:15:00Z

Modified

2025-07-14T07:15:40.631616Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

References

Affected packages

Ubuntu:Pro:20.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@4.1.2-6?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.2-4ubuntu1

4.1.2-6

Ubuntu:22.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@4.1.2-10?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.2-8

4.1.2-9

4.1.2-10

Ubuntu:22.04:LTS / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.2.4+dfsg-6ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.2+dfsg-6ubuntu2

6.2.4+dfsg-1ubuntu1

6.2.4+dfsg-1ubuntu2

6.2.4+dfsg-6ubuntu1

Ubuntu:24.04:LTS / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@5.19.2-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.19.2-1

Ubuntu:24.04:LTS / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.4.2-final+dfsg-12ubuntu9?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2-final+dfsg-11

6.4.2-final+dfsg-12

6.4.2-final+dfsg-12build1

6.4.2-final+dfsg-12ubuntu1

6.4.2-final+dfsg-12ubuntu7

6.4.2-final+dfsg-12ubuntu9

Ubuntu:25.04 / node-terser

Package

Name: node-terser
Purl: pkg:deb/ubuntu/node-terser@5.38.0-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.31.3-1

5.38.0-1

Ubuntu:25.04 / qt6-webengine

Package

Name: qt6-webengine
Purl: pkg:deb/ubuntu/qt6-webengine@6.8.3+dfsg-0ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.6.2+dfsg-5ubuntu2

6.7.2+dfsg-5

6.7.2+dfsg-8

6.8.1+dfsg-0ubuntu1

6.8.2+dfsg-0ubuntu2

6.8.2+dfsg-3fakesync1

6.8.3+dfsg-0ubuntu1