{"id":"CVE-2022-4254","details":"sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters","modified":"2026-04-02T08:19:50.460105Z","published":"2023-02-01T17:15:09.680Z","related":["SUSE-SU-2023:0200-1","SUSE-SU-2023:0204-1","SUSE-SU-2023:0292-1","SUSE-SU-2023:0300-1","SUSE-SU-2023:0301-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-4254"},{"type":"FIX","url":"https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"},{"type":"FIX","url":"https://github.com/SSSD/sssd/issues/5135"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2149894"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sssd/sssd","events":[{"introduced":"b47fd11a259c50e63cd674c7cba0da3f2549cae0"},{"fixed":"7e004b7c50204218928e5c615ba27c2c3dfe8e20"},{"fixed":"a2b9a84460429181f2a4fa7e2bb5ab49fd561274"}],"database_specific":{"versions":[{"introduced":"1.15.3"},{"fixed":"2.3.1"}]}}],"versions":["sssd-1_15_3","sssd-1_16_0","sssd-1_16_1","sssd-1_16_2","sssd-1_16_3","sssd-1_16_4","sssd-1_16_5","sssd-2_0_0","sssd-2_1_0","sssd-2_2_0","sssd-2_2_1","sssd-2_2_2","sssd-2_2_3","sssd-2_3_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["115648587737536876340900747468043932042","286224869138222931870565593224301074919","321702972262151397103700495864168912127","43911331127776708834901769323453442400","353508519408071651079584666076386080","190051955111482294960613982440698725204","303604684200052643469605290014436589053","13064777728386254614162706723010804479","72654532134074875520478793791890497160"]},"deprecated":false,"signature_type":"Line","target":{"file":"src/lib/certmap/sss_certmap.h"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-1565ecf2","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["33724279268746321400631654207959706923","27300994548539462473334541111544164071","72512766298096155686055085849324235432","272132699913062883074587305311608640310","227620765115951312875252387389037601701","101094000425037005804335556436403781341"]},"deprecated":false,"signature_type":"Line","target":{"file":"src/responder/pam/pamsrv_p11.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-1d540634","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["36909215924900544494525216158936713968","42105713235869948546828992598067442174","155070925602404319338742258616762884755","67147552904434545600510443440721527359","272741689146825180179974972369000022461","156754113297040636827135621532041706261","294920703340554081283691535033066903119","85363435212350909049524451135263449746","177135464380060035035156312505292822078","188988644087980304036912403365013826585","259289658023137174481571082323231837093","147240680171922100228217095992962658847","177441630041527437182789890155705956803","281406870368023647678861793837738382725","312749730128583540001365430720699500977","77452386791366332282348833087111557874","318608790895456976002893594098500852505","115519019007468916944016789718813473363","124990693462051850692786670205654187018","38887932722355374902777494180092744972","280477252543038786306644124077501494947","14330757469830604991130633877058296025","297064699406468323924929506355036124340","300928442213581228110488666307653095153","312834993452331704264966628201811901701","286186564281202413608708077818591940581","233219589035782062932581202349418593239","218162664972284675313635065891299159877","297028285398423934411944287337823867880","46548479036606185016570126803657670048","71267805246239337697721068170527756650","237093296167191241881556532053063326188","144189858392383361426732997074732513147","179719884906250549375258838122874719814","113857954141623737093610428702572489874","56428874621999911529796690695680780318","311786312309346426341895317911238562820","89914603881019606861459595928667330521","236595512706804387188577672798550267611"]},"deprecated":false,"signature_type":"Line","target":{"file":"src/lib/certmap/sss_certmap.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-62c6c49a","signature_version":"v1"},{"digest":{"length":627,"function_hash":"297123151550588819526311133591175452566"},"deprecated":false,"signature_type":"Function","target":{"function":"test_confdb_get_enabled_domain_list","file":"src/tests/cmocka/confdb/test_confdb.c"},"source":"https://github.com/sssd/sssd/commit/7e004b7c50204218928e5c615ba27c2c3dfe8e20","id":"CVE-2022-4254-722c5f3f","signature_version":"v1"},{"digest":{"length":1081,"function_hash":"245528362416923772662928663376884284353"},"deprecated":false,"signature_type":"Function","target":{"function":"get_cert_prompt","file":"src/responder/pam/pamsrv_p11.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-7513c61a","signature_version":"v1"},{"digest":{"length":888,"function_hash":"227006874019069492834395687983301817264"},"deprecated":false,"signature_type":"Function","target":{"function":"get_filter","file":"src/lib/certmap/sss_certmap.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-81c19f99","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["293828366621105852606773146397326776516","166772269336337540781723351910662929813","59040924752834049650594787357820217762","124890250656294650744849030813570380528"]},"deprecated":false,"signature_type":"Line","target":{"file":"src/tests/cmocka/confdb/test_confdb.c"},"source":"https://github.com/sssd/sssd/commit/7e004b7c50204218928e5c615ba27c2c3dfe8e20","id":"CVE-2022-4254-b0b2e5c3","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["242467306997123619383848555276427870472","37117102308644390218267099065923735502","307663653181867055955206404625995009000","193945555105656936453847297800470789796"]},"deprecated":false,"signature_type":"Line","target":{"file":"src/util/util_ext.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-b48bd774","signature_version":"v1"},{"digest":{"length":1598,"function_hash":"334022399598782433399976886285467748727"},"deprecated":false,"signature_type":"Function","target":{"function":"sss_certmap_get_search_filter","file":"src/lib/certmap/sss_certmap.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-ce38ffbb","signature_version":"v1"},{"digest":{"length":5552,"function_hash":"46393581563389592887817398668133808659"},"deprecated":false,"signature_type":"Function","target":{"function":"test_sss_certmap_get_search_filter","file":"src/tests/cmocka/test_certmap.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-debbfdce","signature_version":"v1"},{"digest":{"length":988,"function_hash":"26101549398144425817266298166454580216"},"deprecated":false,"signature_type":"Function","target":{"function":"expand_template","file":"src/lib/certmap/sss_certmap.c"},"source":"https://github.com/sssd/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","id":"CVE-2022-4254-ef34f3be","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4254.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}