Lava
CVE-2022-44641
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
AnalysisAI
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-776. In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. Affected products include: Linaro Lava, Debian Debian Linux. Version information: before 2022.11.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavata
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remote
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remo
An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remo
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today