Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 887823 (CVE-2022-4639) - net-misc/sslh-2.0-rc1: format string vulnerability
Summary: net-misc/sslh-2.0-rc1: format string vulnerability
Status: RESOLVED INVALID
Alias: CVE-2022-4639
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://github.com/yrutschle/sslh/com...
Whiteboard: B1 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-22 03:44 UTC by John Helmert III
Modified: 2022-12-24 17:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-22 03:44:15 UTC 
CVE-2022-4639 (https://github.com/yrutschle/sslh/pull/353):

A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.

Please apply the patch.
Comment 1 Craig Andrews gentoo-dev 2022-12-24 17:18:55 UTC 
This CVE only applies to sslh 2.0-rc1 which is not in Gentoo: https://github.com/yrutschle/sslh/pull/353#issuecomment-1362996285

Therefore, I'm closing this issue as invalid.