CVE-2022-2663

Severity

53%

Complexity

39%

Confidentiality

23%

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Overview

First reported 2 years ago

2022-09-01 21:15:00

Last updated 2 years ago

2022-11-21 14:26:00

Affected Software

Linux Kernel

References

https://www.openwall.com/lists/oss-security/2022/08/30/1

https://lore.kernel.org/netfilter-devel/[email protected]/T/

https://www.openwall.com/lists/oss-security/2022/08/30/1

Mailing List, Third Party Advisory

https://lore.kernel.org/netfilter-devel/[email protected]/T/

Mailing List, Patch, Vendor Advisory

[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

Mailing List, Third Party Advisory

https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663

https://www.youtube.com/watch?v=WIq-YgQuYCA

DSA-5257

[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update

https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663

Exploit, Third Party Advisory

https://www.youtube.com/watch?v=WIq-YgQuYCA

Exploit, Third Party Advisory

DSA-5257

Third Party Advisory

[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update

Mailing List, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.