Vulnerabilities > CVE-2022-28652 - XML Entity Expansion vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

apport-project

canonical

CWE-776

NVD

Published: 2024-06-04

Updated: 2024-06-11

Summary

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

Vulnerable Configurations

Part	Description	Count
Application	Apport_Project Apport Project Apport - Apport Project Apport 0.13 Apport Project Apport 1.9.4 Apport Project Apport 1.9.5 Apport Project Apport 1.9.6 Apport Project Apport 1.10 Apport Project Apport 1.10.1 Apport Project Apport 1.11 Apport Project Apport 1.12 Apport Project Apport 1.12.1 Apport Project Apport 1.13.1 Apport Project Apport 1.13.2 Apport Project Apport 1.13.3 Apport Project Apport 1.14 Apport Project Apport 1.15 Apport Project Apport 1.16 Apport Project Apport 1.17 Apport Project Apport 1.17.1 Apport Project Apport 1.17.2 Apport Project Apport 1.18 Apport Project Apport 1.20.1 Apport Project Apport 1.21 Apport Project Apport 1.21.1 Apport Project Apport 1.21.2 Apport Project Apport 1.21.3 Apport Project Apport 1.22 Apport Project Apport 1.22.1 Apport Project Apport 1.23 Apport Project Apport 1.23.1 Apport Project Apport 1.24 Apport Project Apport 1.25 Apport Project Apport 1.26 Apport Project Apport 1.90 Apport Project Apport 1.91 Apport Project Apport 1.92 Apport Project Apport 1.93 Apport Project Apport 1.94 Apport Project Apport 1.94.1 Apport Project Apport 1.95 Apport Project Apport 2.0 Apport Project Apport 2.0.1 Apport Project Apport 2.1 Apport Project Apport 2.1.1 Apport Project Apport 2.2 Apport Project Apport 2.2.1 Apport Project Apport 2.2.2 Apport Project Apport 2.2.3 Apport Project Apport 2.2.4 Apport Project Apport 2.2.5 Apport Project Apport 2.3 Apport Project Apport 2.4 Apport Project Apport 2.5 Apport Project Apport 2.5.1 Apport Project Apport 2.5.2 Apport Project Apport 2.5.3 Apport Project Apport 2.6 Apport Project Apport 2.6.1 Apport Project Apport 2.6.2 Apport Project Apport 2.6.3 Apport Project Apport 2.7 Apport Project Apport 2.8 Apport Project Apport 2.9 Apport Project Apport 2.9.1 Apport Project Apport 2.9.2 Apport Project Apport 2.10 Apport Project Apport 2.10.1 Apport Project Apport 2.10.2 Apport Project Apport 2.11 Apport Project Apport 2.12 Apport Project Apport 2.12.1 Apport Project Apport 2.12.2 Apport Project Apport 2.12.3 Apport Project Apport 2.12.4 Apport Project Apport 2.12.5 Apport Project Apport 2.12.6 Apport Project Apport 2.12.7 Apport Project Apport 2.13 Apport Project Apport 2.13.1 Apport Project Apport 2.13.2 Apport Project Apport 2.13.3 Apport Project Apport 2.14 Apport Project Apport 2.14.1 Apport Project Apport 2.14.2 Apport Project Apport 2.14.3 Apport Project Apport 2.14.4 Apport Project Apport 2.14.5 Apport Project Apport 2.14.6 Apport Project Apport 2.14.7 Apport Project Apport 2.15 Apport Project Apport 2.15.1 Apport Project Apport 2.16 Apport Project Apport 2.16.1 Apport Project Apport 2.16.2 Apport Project Apport 2.17 Apport Project Apport 2.17.1 Apport Project Apport 2.17.2 Apport Project Apport 2.17.3 Apport Project Apport 2.18 Apport Project Apport 2.18.1 Apport Project Apport 2.19 Apport Project Apport 2.19.1 Apport Project Apport 2.19.2 Apport Project Apport 2.19.3 Apport Project Apport 2.19.4 Apport Project Apport 2.20 Apport Project Apport 2.20.1 Apport Project Apport 2.20.2 Apport Project Apport 2.20.3 Apport Project Apport 2.20.4 Apport Project Apport 2.20.6 Apport Project Apport 2.20.7 Apport Project Apport 2.20.9 Apport Project Apport 2.20.10	113
OS	Canonical Canonical Ubuntu Linux 20.04 Canonical Ubuntu Linux 21.10 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 22.04	4

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References