{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2022-3554", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "dateUpdated": "2022-11-02T00:00:00", "dateRejected": "2022-11-02T00:00:00", "dateReserved": "2022-10-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2022-11-02T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2022-3554", "lastModified": "2023-11-07T03:51:26.017", "metrics": {}, "published": "2022-10-17T13:15:10.563", "references": [], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "libX11: memory leak in _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c", "id": "2136411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136411"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability."], "name": "CVE-2022-3554", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libX11", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-10-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3554\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3554\nhttps://ubuntu.com/security/CVE-2022-3554"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-401: Missing Release of Memory after Effective Lifetime vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to apply the most restrictive configurations necessary for operational requirements. Baseline and configuration setting controls ensure secure system and software configurations, while least functionality reduces the attack surface and minimizes the risk of resource exhaustion from memory leaks. The environment employs malicious code protections such as IDS/IPS and antimalware solutions to detect threats and provide real-time visibility into memory usage, helping prevent memory management issues before they lead to system crashes or exhaustion. Event logs are collected and analyzed for correlation, monitoring, alerting, and retention, supporting the detection of abnormal memory usage patterns that may indicate potential leaks. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the risk of input-based denial-of-service (DoS) attacks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are implemented to strengthen defenses against memory allocation vulnerabilities.", "threat_severity": "Moderate"}