vulnerability

Amazon Linux 2023: CVE-2022-24407: Important priority package update for cyrus-sasl

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Feb 22, 2022
Added
Feb 17, 2025
Modified
Jul 4, 2025

Description

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges.

Solutions

amazon-linux-2023-upgrade-cyrus-saslamazon-linux-2023-upgrade-cyrus-sasl-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-debugsourceamazon-linux-2023-upgrade-cyrus-sasl-develamazon-linux-2023-upgrade-cyrus-sasl-devel-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-gs2amazon-linux-2023-upgrade-cyrus-sasl-gs2-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-gssapiamazon-linux-2023-upgrade-cyrus-sasl-gssapi-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-ldapamazon-linux-2023-upgrade-cyrus-sasl-ldap-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-libamazon-linux-2023-upgrade-cyrus-sasl-lib-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-md5amazon-linux-2023-upgrade-cyrus-sasl-md5-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-ntlmamazon-linux-2023-upgrade-cyrus-sasl-ntlm-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-plainamazon-linux-2023-upgrade-cyrus-sasl-plain-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-scramamazon-linux-2023-upgrade-cyrus-sasl-scram-debuginfoamazon-linux-2023-upgrade-cyrus-sasl-sqlamazon-linux-2023-upgrade-cyrus-sasl-sql-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today