CVE-2022-48620 - Vulnerability Details - OpenCVE

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Troglobit	Libeuv

Configuration 1 [-]

cpe:2.3:a:troglobit:libeuv:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9
https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1
https://github.com/troglobit/libuev/issues/27
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/
https://lists.fedoraproject.org/archives/list/[email protected]/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/
https://lists.fedoraproject.org/archives/list/[email protected]/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/
https://lists.fedoraproject.org/archives/list/[email protected]/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/

History

Tue, 03 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/[email protected]/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/ https://lists.fedoraproject.org/archives/list/[email protected]/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/ https://lists.fedoraproject.org/archives/list/[email protected]/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-12T00:00:00.000Z

Updated: 2025-06-03T14:06:55.282Z

Reserved: 2024-01-12T00:00:00.000Z

Link: CVE-2022-48620

Vulnrichment

Updated: 2024-08-03T15:17:55.305Z

NVD

Status : Modified

Published: 2024-01-12T04:15:08.123

Modified: 2025-06-03T14:15:27.857

Link: CVE-2022-48620

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48620", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-03T14:06:55.282Z", "dateReserved": "2024-01-12T00:00:00.000Z", "datePublished": "2024-01-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-23T02:06:27.460Z"}, "descriptions": [{"lang": "en", "value": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/troglobit/libuev/issues/27"}, {"url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1"}, {"url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9"}, {"name": "FEDORA-2024-75e1256954", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"name": "FEDORA-2024-d6a850992f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"name": "FEDORA-2024-40fbf3ee48", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"url": "https://github.com/troglobit/libuev/issues/27", "tags": ["x_transferred"]}, {"url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1", "tags": ["x_transferred"]}, {"url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-75e1256954", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"name": "FEDORA-2024-d6a850992f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"name": "FEDORA-2024-40fbf3ee48", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.305Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T23:34:45.904465Z", "id": "CVE-2022-48620", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:06:55.282Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"url": "https://github.com/troglobit/libuev/issues/27", "tags": ["x_transferred"]}, {"url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1", "tags": ["x_transferred"]}, {"url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/", "name": "FEDORA-2024-75e1256954", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/", "name": "FEDORA-2024-d6a850992f", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/", "name": "FEDORA-2024-40fbf3ee48", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:55.305Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-48620", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-09T23:34:45.904465Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T23:34:47.706Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/troglobit/libuev/issues/27"}, {"url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1"}, {"url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/", "name": "FEDORA-2024-75e1256954", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/", "name": "FEDORA-2024-d6a850992f", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/", "name": "FEDORA-2024-40fbf3ee48", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-23T02:06:27.460Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48620", "state": "PUBLISHED", "dateUpdated": "2025-06-03T14:06:55.282Z", "dateReserved": "2024-01-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-01-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:troglobit:libeuv:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFF2C023-36E0-4067-8541-A9B49FF7361B", "versionEndExcluding": "2.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number."}, {"lang": "es", "value": "uev (aka libuev) anterior a 2.4.1 tiene un desbordamiento de b\u00fafer en epoll_wait si maxevents es un n\u00famero grande."}], "id": "CVE-2022-48620", "lastModified": "2025-06-03T14:15:27.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-01-12T04:15:08.123", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9"}, {"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1"}, {"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://github.com/troglobit/libuev/issues/27"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/troglobit/libuev/compare/v2.4.0...v2.4.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/troglobit/libuev/issues/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/2J4UB4KXWCCTZCE53B6SFIREZ57INK7T/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/E6RLVLJGDKTEVJP446TFDANHB4LHRAOP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/P2XZESYGE6XDWAPFUOX26ZWJV2JWMMM5/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}