{ "threat_severity" : "Moderate", "public_date" : "2022-07-21T00:00:00Z", "bugzilla" : { "description" : "file-type: a malformed MKV file could cause the file type detector to get caught in an infinite loop", "id" : "2159682", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2159682" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-835", "details" : [ "An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.", "A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive." ], "affected_release" : [ { "product_name" : "Red Hat Data Grid 8.4.1", "release_date" : "2023-02-09T00:00:00Z", "advisory" : "RHSA-2023:0713", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "file-type" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-ui-rhel8", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-docs-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Not affected", "package_name" : "file-type", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Will not fix", "package_name" : "file-type", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/code-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/idea-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces-theia-endpoint-rhel8-container", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces-theia-rhel8-container", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-36313\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36313" ], "name" : "CVE-2022-36313", "csaw" : false }