Main Vulnerability Database Vulnerabilities #VU64691

#VU64691 Input validation error in Puppet Firewall Module - CVE-2022-0675

Published: June 27, 2022

Vulnerability identifier: #VU64691

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-0675

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Puppet Firewall Module

Software vendor:
Puppet Labs

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to in certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://puppet.com/security/cve/CVE-2022-0675
https://bugzilla.redhat.com/show_bug.cgi?id=2071567

#VU64691 Input validation error in Puppet Firewall Module - CVE-2022-0675

Description

Remediation

External links

Please verify you're human