CVE-2022-22976
Description
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.36
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22978,CVE-2022-22976 are fixed in Spring-security-core 5.6.4 | Windows |
| Vulnerabilities CVE-2022-22978,CVE-2022-22976 are fixed in Spring-security-core 5.5.7 | Windows |
| Multiple vulnerabilities affect NetApp Active IQ Unified Manager 2.3 | Windows |
| Vulnerabilities CVE-2022-22978,CVE-2022-22976 are fixed in Spring-security-core for Linux 5.6.4 | Linux |
| Vulnerabilities CVE-2022-22978,CVE-2022-22976 are fixed in Spring-security-core for Linux 5.5.7 | Linux |
Patch Details
No records found