CVE-2022-4399

Publication date 10 December 2022

Last updated 26 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

Description

A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.

Status

Package Ubuntu Release Status
nodau 26.04 LTS resolute
Not affected
25.10 questing
Not affected
25.04 plucky
Not affected
24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic
Not affected
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Ignored end of standard support, was needs-triage
18.04 LTS bionic Ignored end of standard support, was needs-triage
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nodau

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

Other references

Access our resources on patching vulnerabilities