UBUNTU-CVE-2022-31129
- Source
- https://ubuntu.com/security/CVE-2022-31129
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-31129.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-31129
- Upstream
- Downstream
- Related
- Published
- 2022-07-06T18:15:00Z
- Modified
- 2025-10-24T04:53:40Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
- References
-
- https://ubuntu.com/security/CVE-2022-31129
- https://github.com/moment/moment/pull/6015#issuecomment-1152961973
- https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
- https://ubuntu.com/security/notices/USN-5559-1
- https://ubuntu.com/security/notices/USN-6550-1
- https://www.cve.org/CVERecord?id=CVE-2022-31129
Affected packages
Ubuntu:16.04:LTS
gnucash
sabnzbdplus
Package
- Name
- sabnzbdplus
- Purl
- pkg:deb/ubuntu/sabnzbdplus@0.7.20+dfsg-1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus"
},
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus-theme-classic"
},
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus-theme-iphone"
},
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus-theme-mobile"
},
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus-theme-plush"
},
{
"binary_version": "0.7.20+dfsg-1",
"binary_name": "sabnzbdplus-theme-smpl"
}
]
}wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@4.4.2+dfsg-1ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentyfifteen"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentyfourteen"
},
{
"binary_version": "4.4.2+dfsg-1ubuntu1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:18.04:LTS
node-moment
gnucash
mediawiki
sabnzbdplus
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@0.14.43+ds1-6?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.14.43+ds1-6",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "0.14.43+ds1-6",
"binary_name": "syncthing"
},
{
"binary_version": "0.14.43+ds1-6",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "0.14.43+ds1-6",
"binary_name": "syncthing-relaysrv"
}
]
}wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@4.9.5+dfsg1-1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentyfifteen"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentyseventeen"
},
{
"binary_version": "4.9.5+dfsg1-1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:20.04:LTS
node-moment
gnucash
Package
- Name
- gnucash
- Purl
- pkg:deb/ubuntu/gnucash@1:3.8b-1ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.31.7-1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
ntopng
omnidb
Package
- Name
- omnidb
- Purl
- pkg:deb/ubuntu/omnidb@2.17.0+ds-1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
ruby-momentjs-rails
sabnzbdplus
Package
- Name
- sabnzbdplus
- Purl
- pkg:deb/ubuntu/sabnzbdplus@3.0.0~0git20200408+dfsg-1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@1.1.4~ds1-4ubuntu1.2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.1.4~ds1-4ubuntu1.2",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "1.1.4~ds1-4ubuntu1.2",
"binary_name": "syncthing"
},
{
"binary_version": "1.1.4~ds1-4ubuntu1.2",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "1.1.4~ds1-4ubuntu1.2",
"binary_name": "syncthing-relaysrv"
}
]
}wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@5.3.2+dfsg1-1ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentynineteen"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentyseventeen"
},
{
"binary_version": "5.3.2+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentysixteen"
}
]
}Ubuntu:22.04:LTS
gnucash
mediawiki
Package
- Name
- mediawiki
- Purl
- pkg:deb/ubuntu/mediawiki@1:1.35.6-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
node-moment
ntopng
odoo
omnidb
ruby-momentjs-rails
sabnzbdplus
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@5.8.3+dfsg1-1ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentynineteen"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentytwenty"
},
{
"binary_version": "5.8.3+dfsg1-1ubuntu1.1",
"binary_name": "wordpress-theme-twentytwentyone"
}
]
}Ubuntu:24.04:LTS
gnucash
Package
- Name
- gnucash
- Purl
- pkg:deb/ubuntu/gnucash@1:5.5-1.2build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
mediawiki
ntopng
odoo
omnidb
postfixadmin
ruby-momentjs-rails
sabnzbdplus
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@6.4.3+dfsg1-1ubuntu1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfour"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentythree"
},
{
"binary_version": "6.4.3+dfsg1-1ubuntu1",
"binary_name": "wordpress-theme-twentytwentytwo"
}
]
}Ubuntu:25.04
gnucash
mediawiki
ntopng
odoo
omnidb
postfixadmin
ruby-momentjs-rails
sabnzbdplus
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@1.29.2~ds1-1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.29.2~ds1-1",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "1.29.2~ds1-1",
"binary_name": "syncthing"
},
{
"binary_version": "1.29.2~ds1-1",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "1.29.2~ds1-1",
"binary_name": "syncthing-relaysrv"
}
]
}wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@6.7.2+dfsg1-1.1ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfive"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfour"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentythree"
}
]
}Ubuntu:25.10
gnucash
mediawiki
ntopng
odoo
omnidb
postfixadmin
sabnzbdplus
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@1.29.5~ds1-2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.29.5~ds1-2",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "1.29.5~ds1-2",
"binary_name": "syncthing"
},
{
"binary_version": "1.29.5~ds1-2",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "1.29.5~ds1-2",
"binary_name": "syncthing-relaysrv"
}
]
}wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress@6.7.2+dfsg1-1.1ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-l10n"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfive"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentyfour"
},
{
"binary_version": "6.7.2+dfsg1-1.1ubuntu1",
"binary_name": "wordpress-theme-twentytwentythree"
}
]
}Ubuntu:Pro:16.04:LTS
node-moment
ntopng
Package
- Name
- ntopng
- Purl
- pkg:deb/ubuntu/ntopng@2.2+dfsg1-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS
ntopng
Ubuntu:Pro:22.04:LTS
postfixadmin
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@1.18.0~ds1-3ubuntu0.3+esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.12.1~ds1-4
1.18.0~ds1-3
1.18.0~ds1-3ubuntu0.1
1.18.0~ds1-3ubuntu0.2
1.18.0~ds1-3ubuntu0.3
1.18.0~ds1-3ubuntu0.3+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.18.0~ds1-3ubuntu0.3+esm1",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "1.18.0~ds1-3ubuntu0.3+esm1",
"binary_name": "syncthing"
},
{
"binary_version": "1.18.0~ds1-3ubuntu0.3+esm1",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "1.18.0~ds1-3ubuntu0.3+esm1",
"binary_name": "syncthing-relaysrv"
}
]
}Ubuntu:Pro:24.04:LTS
syncthing
Package
- Name
- syncthing
- Purl
- pkg:deb/ubuntu/syncthing@1.27.2~ds4-1ubuntu0.24.04.3+esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.19.2~ds1-3
1.27.2~ds4-1
1.27.2~ds4-1ubuntu0.24.04.1
1.27.2~ds4-1ubuntu0.24.04.2
1.27.2~ds4-1ubuntu0.24.04.2+esm1
1.27.2~ds4-1ubuntu0.24.04.3
1.27.2~ds4-1ubuntu0.24.04.3+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.27.2~ds4-1ubuntu0.24.04.3+esm1",
"binary_name": "golang-github-syncthing-syncthing-dev"
},
{
"binary_version": "1.27.2~ds4-1ubuntu0.24.04.3+esm1",
"binary_name": "syncthing"
},
{
"binary_version": "1.27.2~ds4-1ubuntu0.24.04.3+esm1",
"binary_name": "syncthing-discosrv"
},
{
"binary_version": "1.27.2~ds4-1ubuntu0.24.04.3+esm1",
"binary_name": "syncthing-relaysrv"
}
]
}