{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2963", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T00:53:00.490Z", "dateReserved": "2022-08-23T00:00:00", "datePublished": "2022-10-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault."}], "affected": [{"vendor": "n/a", "product": "jasper", "versions": [{"version": "jasper 3.0.6", "status": "affected"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-2963"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587"}, {"url": "https://github.com/jasper-software/jasper/issues/332"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "memory leaks"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:53:00.490Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2022-2963", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587", "tags": ["x_transferred"]}, {"url": "https://github.com/jasper-software/jasper/issues/332", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jasper_project:jasper:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CD0938AD-12F3-4B02-899A-A54286B9FFEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault."}, {"lang": "es", "value": "Una vulnerabilidad encontrada en jasper. Esta vulnerabilidad de seguridad es producida debido a un fallo de filtrad de memoria en la funci\u00f3n cmdopts_parse que puede causar un fallo o una falla de segmentaci\u00f3n"}], "id": "CVE-2022-2963", "lastModified": "2024-11-21T07:01:59.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-14T18:15:15.537", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2963"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jasper-software/jasper/issues/332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2022-2963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jasper-software/jasper/issues/332"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "jasper: memory leaks in function cmdopts_parse", "id": "2118587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118587"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.", "A vulnerability found in jasper. A memory leak bug occurs in the cmdopts_parse function, possibly causing a crash or segmentation fault."], "name": "CVE-2022-2963", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "jasper", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "jasper", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-07-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2963\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2963"], "statement": "Red Hat has determined this vulnerability to be of moderate impact as the memory leak occurs when cmdline parsing fails and causes the process to terminate right away without releasing the memory, leading to the leak. It would take repeated invocations to exhaust system memory and potentially cause service degradation over time.", "threat_severity": "Moderate"}