UBUNTU-CVE-2022-31129

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2022-31129
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-31129.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-31129
Published
2022-07-06T18:15:00Z
Modified
2022-07-06T18:15:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, string-to-date parsing in moment (more precisely, RFC 2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a slowdown with inputs above 10k characters. Users who pass user-provided strings to the moment constructor without sanity length checks are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.

Affected packages

Ubuntu:Pro:16.04:LTS / gnucash

Package

Name
gnucash

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*

1:2.6.6-2ubuntu2
1:2.6.9-1ubuntu1
1:2.6.12-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / node-moment

Package

Name
node-moment

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.10.6+dfsg-1
2.11.0+ds-1
2.11.0+ds-1ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / ntopng

Package

Name
ntopng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.2.1+dfsg1-2ubuntu1

2.*

2.0+dfsg1-1
2.2+dfsg1-1
2.2+dfsg1-1build1
2.2+dfsg1-1ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / sabnzbdplus

Package

Name
sabnzbdplus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.7.20-1
0.7.20+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / wordpress

Package

Name
wordpress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / node-moment

Package

Name
node-moment
Purl
pkg:deb/ubuntu/node-moment@2.20.1+ds-1ubuntu0.1?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.20.1+ds-1ubuntu0.1

Affected versions

2.*

2.18.1+ds-1
2.19.1+ds-1
2.19.2+ds-1
2.19.3+ds-1
2.19.4+ds-1
2.20.1+ds-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "node-moment": "2.20.1+ds-1ubuntu0.1",
            "libjs-moment": "2.20.1+ds-1ubuntu0.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / gnucash

Package

Name
gnucash

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:2.*

1:2.6.17-1ubuntu1
1:2.6.18-1
1:2.6.19-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mediawiki

Package

Name
mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*

1:1.27.3-1
1:1.27.4-1
1:1.27.4-2
1:1.27.4-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ntopng

Package

Name
ntopng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.4+dfsg1-3
2.4+dfsg1-4

3.*

3.2+dfsg1-1
3.2+dfsg1-1ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / sabnzbdplus

Package

Name
sabnzbdplus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1
2.3.2+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / syncthing

Package

Name
syncthing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.14.36+ds1-1
0.14.38+ds1-1
0.14.43+ds1-5
0.14.43+ds1-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / wordpress

Package

Name
wordpress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / gnucash

Package

Name
gnucash

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:3.*

1:3.7-1ubuntu1
1:3.7-1ubuntu2
1:3.7-2ubuntu1
1:3.8b-1
1:3.8b-1build2
1:3.8b-1build3
1:3.8b-1build4
1:3.8b-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mediawiki

Package

Name
mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*

1:1.31.2-1ubuntu1
1:1.31.5-1
1:1.31.5-1ubuntu1
1:1.31.5-2
1:1.31.5-3
1:1.31.5-3ubuntu1
1:1.31.6-1
1:1.31.7-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / node-moment

Package

Name
node-moment
Purl
pkg:deb/ubuntu/node-moment@2.24.0+ds-2ubuntu0.1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.24.0+ds-2ubuntu0.1

Affected versions

2.*

2.24.0+ds-1
2.24.0+ds-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "node-moment": "2.24.0+ds-2ubuntu0.1",
            "libjs-moment": "2.24.0+ds-2ubuntu0.1"
        }
    ]
}

Ubuntu:20.04:LTS / ntopng

Package

Name
ntopng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.8+dfsg1-2.1build3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / omnidb

Package

Name
omnidb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.16.0+ds-2
2.16.0+ds-2build1
2.16.0+ds-3
2.16.0+ds-4
2.16.0+ds-4build1
2.17.0+ds-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ruby-momentjs-rails

Package

Name
ruby-momentjs-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.20.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / sabnzbdplus

Package

Name
sabnzbdplus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.3.6+dfsg-1
2.3.6+dfsg-1build1
2.3.6+dfsg-1ubuntu1

3.*

3.0.0~0git20200408+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / syncthing

Package

Name
syncthing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.1.4~ds1-4
1.1.4~ds1-4ubuntu1
1.1.4~ds1-4ubuntu1.1
1.1.4~ds1-4ubuntu1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / wordpress

Package

Name
wordpress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.2.2+dfsg1-1
5.2.4+dfsg1-1
5.3.2+dfsg1-1
5.3.2+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / gnucash

Package

Name
gnucash

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:4.*

1:4.4-1ubuntu1
1:4.8-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / mediawiki

Package

Name
mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*

1:1.35.3-1
1:1.35.4-1
1:1.35.5-1
1:1.35.5-1ubuntu1
1:1.35.5-1ubuntu2
1:1.35.5-1ubuntu3
1:1.35.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-moment

Package

Name
node-moment
Purl
pkg:deb/ubuntu/node-moment@2.29.1+ds-3ubuntu0.2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.29.1+ds-3ubuntu0.2

Affected versions

2.*

2.29.1+ds-2
2.29.1+ds-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "node-moment": "2.29.1+ds-3ubuntu0.2",
            "libjs-moment": "2.29.1+ds-3ubuntu0.2"
        }
    ]
}

Ubuntu:22.04:LTS / ntopng

Package

Name
ntopng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.2.1+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / odoo

Package

Name
odoo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

14.*

14.0.0+dfsg.2-7
14.0.0+dfsg.3-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / omnidb

Package

Name
omnidb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.0.3b+ds-2
3.0.3b+ds-2build1
3.0.3b+ds-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / postfixadmin

Package

Name
postfixadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.3.7-1
3.3.10-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ruby-momentjs-rails

Package

Name
ruby-momentjs-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.20.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / sabnzbdplus

Package

Name
sabnzbdplus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.2.1+dfsg-1
3.4.2+dfsg-1
3.4.2+dfsg-2
3.5.0+dfsg-1
3.5.0+dfsg-2
3.5.1+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / syncthing

Package

Name
syncthing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.12.1~ds1-4
1.18.0~ds1-3
1.18.0~ds1-3ubuntu0.1
1.18.0~ds1-3ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / wordpress

Package

Name
wordpress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / postfixadmin

Package

Name
postfixadmin
Purl
pkg:deb/ubuntu/postfixadmin@3.3.10-2ubuntu0.1~esm1?arch=src?distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.3.10-2ubuntu0.1~esm1

Affected versions

3.*

3.3.7-1
3.3.10-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "postfixadmin": "3.3.10-2ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:24.04:LTS / gnucash

Package

Name
gnucash

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:5.*

1:5.3-1
1:5.4-2
1:5.4-2build1
1:5.5-1
1:5.5-1ubuntu1
1:5.5-1.1
1:5.5-1.2
1:5.5-1.2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / mediawiki

Package

Name
mediawiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1:1.*

1:1.39.4-2
1:1.39.5-1
1:1.39.6-1
1:1.39.7-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / node-moment

Package

Name
node-moment
Purl
pkg:deb/ubuntu/node-moment@2.29.4+ds-1?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.29.4+ds-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "node-moment": "2.29.4+ds-1",
            "libjs-moment": "2.29.4+ds-1"
        }
    ]
}

Ubuntu:24.04:LTS / ntopng

Package

Name
ntopng

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.2.1+dfsg1-1
5.2.1+dfsg1-1ubuntu1
5.2.1+dfsg1-1ubuntu3
5.2.1+dfsg1-1ubuntu4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / odoo

Package

Name
odoo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

16.*

16.0.0+dfsg.1-3
16.0.0+dfsg.2-1.1
16.0.0+dfsg.2-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / omnidb

Package

Name
omnidb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.0.3b+ds-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / postfixadmin

Package

Name
postfixadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.3.13-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ruby-momentjs-rails

Package

Name
ruby-momentjs-rails

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.20.1-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / sabnzbdplus

Package

Name
sabnzbdplus

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.0.2+dfsg-1
4.1.0+dfsg-1
4.2.2+dfsg-2
4.2.2+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / syncthing

Package

Name
syncthing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.19.2~ds1-3
1.27.2~ds4-1
1.27.2~ds4-1ubuntu0.24.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / wordpress

Package

Name
wordpress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.2+dfsg1-1ubuntu1
6.4.3+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}