vulnerability

Debian: CVE-2022-44641: lava -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Nov 18, 2022	Jan 16, 2023	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Nov 18, 2022

Added

Jan 16, 2023

Modified

Mar 30, 2026

Description

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

Solution

debian-upgrade-lava

References

CVE-2022-44641
https://attackerkb.com/topics/CVE-2022-44641
CWE-776
DEBIAN-DSA-5318
DEBIAN-DSA-5318-1
EUVD-EUVD-2022-47577
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-47577

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today