| Name | CVE-2022-44940 |
| Description | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| patchelf (PTS) | jessie | 0.8-2 | vulnerable |
| stretch | 0.9-1 | vulnerable |
| buster | 0.9+52.20180509-1 | vulnerable |
| bullseye | 0.12-1 | vulnerable |
| bookworm | 0.14.3-1 | vulnerable |
| sid, trixie | 0.18.0-1.1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| patchelf | source | (unstable) | (unfixed) | unimportant | | |
Notes
https://github.com/NixOS/patchelf/pull/419
https://github.com/NixOS/patchelf/commit/96c8422e374064c3407e73e8b1e4995f95e0a9e0 (0.16.0)
Crash in CLI tool, no securiy impact