vulnerability

Rocky Linux: CVE-2022-4904: nodejs-18 (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:C)

Published

Mar 6, 2023

Added

Mar 5, 2024

Modified

Mar 31, 2026

Description

A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

Solutions

rocky-upgrade-nodejsrocky-upgrade-nodejs-debuginforocky-upgrade-nodejs-debugsourcerocky-upgrade-nodejs-develrocky-upgrade-nodejs-full-i18nrocky-upgrade-nodejs-libsrocky-upgrade-nodejs-libs-debuginforocky-upgrade-npm

References

CVE-2022-4904
https://attackerkb.com/topics/CVE-2022-4904
CWE-1284
CWE-20
EUVD-EUVD-2022-52159
https://errata.rockylinux.org/RLSA-2023:1582
https://errata.rockylinux.org/RLSA-2023:1743
https://errata.rockylinux.org/RLSA-2023:2654
https://errata.rockylinux.org/RLSA-2023:2655
https://errata.rockylinux.org/RLSA-2023:4035
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-52159

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report