{"id":"UBUNTU-CVE-2022-23639","details":"crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell\u003c{i,u}64\u003e` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.","modified":"2026-05-20T16:07:48.743799318Z","published":"2022-02-15T19:15:00Z","upstream":["CVE-2022-23639"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23639"},{"type":"REPORT","url":"https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7"},{"type":"REPORT","url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926"},{"type":"REPORT","url":"https://github.com/crossbeam-rs/crossbeam/pull/781"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-23639"}],"affected":[{"package":{"name":"rustc","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/rustc?arch=source&distro=trusty%2Fesm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.15.1+dfsg0-1~exp1ubuntu2~14.04.7","1.17.0+dfsg2-8~ubuntu0.14.04.3","1.21.0+dfsg1+llvm-0ubuntu3~14.04.5","1.22.1+dfsg1+llvm-0ubuntu2~14.04.2","1.24.1+dfsg1+llvm-0ubuntu1~14.04.1","1.25.0+dfsg1+llvm-0ubuntu1~14.04.1","1.28.0+dfsg1+llvm-0ubuntu1~14.04.1","1.30.0+dfsg1+llvm-2ubuntu1~14.04.1","1.31.0+dfsg1+llvm-2ubuntu1~14.04.1","1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1","binary_name":"libstd-rust-1.31"},{"binary_version":"1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1","binary_name":"rust-gdb"},{"binary_version":"1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1","binary_name":"rust-lldb"},{"binary_version":"1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1","binary_name":"rust-src"},{"binary_version":"1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1","binary_name":"rustc"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"cargo","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/cargo?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.8.0-1","0.16.0-0ubuntu1~16.04.1","0.18.0-0ubuntu0.16.04.1","0.22.0-0ubuntu0.16.04.1","0.23.0-0ubuntu0.16.04.1","0.25.0-1ubuntu1~16.04.1","0.26.0-0ubuntu2~16.04.1","0.29.0-1ubuntu1~16.04.1","0.31.0-3ubuntu1~16.04.1","0.32.0-1~exp1ubuntu1~16.04.1","0.33.0-1ubuntu1~16.04.1","0.35.0-0ubuntu1~16.04.1","0.36.0-0ubuntu1~16.04.1","0.37.0-3ubuntu1~16.04.1","0.38.0-0ubuntu1~16.04.1","0.40.0-3ubuntu1~16.04.1","0.42.0-0ubuntu1~16.04.1","0.44.1-0ubuntu1~16.04.1","0.47.0-1~exp1ubuntu1~16.04.1","0.47.0-1~exp1ubuntu1~16.04.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.47.0-1~exp1ubuntu1~16.04.1+esm1","binary_name":"cargo"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rustc","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/rustc?arch=source&distro=esm-infra%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.7.0+dfsg1-1","1.15.1+dfsg0-1~exp1ubuntu2~16.04.3","1.17.0+dfsg2-8~ubuntu0.16.04.2","1.21.0+dfsg1+llvm-0ubuntu3~16.04.1","1.22.1+dfsg1+llvm-0ubuntu2~16.04.2","1.24.1+dfsg1+llvm-0ubuntu1~16.04.1","1.25.0+dfsg1+llvm-0ubuntu1~16.04.1","1.28.0+dfsg1+llvm-0ubuntu1~16.04.1","1.30.0+dfsg1+llvm-2ubuntu1~16.04.1","1.31.0+dfsg1+llvm-2ubuntu1~16.04.1","1.32.0+dfsg1+llvm-1ubuntu1~16.04.1","1.34.1+dfsg2+llvm-0ubuntu1~16.04.1","1.35.0+dfsg0.1+llvm-0ubuntu1~16.04.1","1.36.0+dfsg1+llvm-2ubuntu1~16.04.1","1.37.0+dfsg1+llvm-1ubuntu1~16.04.1","1.39.0+dfsg1+llvm-3ubuntu1~16.04.1","1.41.0+dfsg1+llvm-0ubuntu1~16.04.1","1.43.0+dfsg1+llvm-1~exp1ubuntu2~16.04.1","1.47.0+dfsg1+llvm-1ubuntu1~16.04.1","1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2","binary_name":"libstd-rust-1.47"},{"binary_version":"1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2","binary_name":"rust-gdb"},{"binary_version":"1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2","binary_name":"rust-lldb"},{"binary_version":"1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2","binary_name":"rust-src"},{"binary_version":"1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2","binary_name":"rustc"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"mozjs52","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mozjs52?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["52.3.1-0ubuntu3","52.3.1-7fakesync1","52.8.1-0ubuntu0.18.04.1","52.9.1-0ubuntu0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"52.9.1-0ubuntu0.18.04.1","binary_name":"libmozjs-52-0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"mozjs38","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mozjs38?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["38.8.0~repack1-0ubuntu1","38.8.0~repack1-0ubuntu3","38.8.0~repack1-0ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_version":"38.8.0~repack1-0ubuntu4","binary_name":"libmozjs-38-0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rustc","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/rustc?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2"}]}],"versions":["1.37.0+dfsg1+llvm-1ubuntu1","1.38.0+dfsg0.2+llvm-0ubuntu1","1.38.0+dfsg0.2+llvm-0ubuntu2","1.39.0+dfsg1+llvm-3ubuntu1","1.40.0+dfsg1+llvm-5ubuntu1","1.41.0+dfsg1+llvm-0ubuntu1","1.41.0+dfsg1+llvm-0ubuntu2","1.43.0+dfsg1+llvm-1~exp1ubuntu1~20.04.1","1.47.0+dfsg1+llvm-1ubuntu1~20.04.1","1.51.0+dfsg1+llvm-1~exp3ubuntu1~20.04.2","1.53.0+dfsg1+llvm-4ubuntu1~20.04.1","1.57.0+dfsg1+llvm-0ubuntu1~20.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"libstd-rust-1.59"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rust-all"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rust-clippy"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rust-gdb"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rust-lldb"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rust-src"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rustc"},{"binary_version":"1.59.0+dfsg1~ubuntu1~llvm-1~ubuntu1~20.04.2","binary_name":"rustfmt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"mozjs68","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mozjs68?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["68.5.0-1~fakesync","68.5.0-2~fakesync","68.6.0-1","68.6.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"68.6.0-1ubuntu1","binary_name":"libmozjs-68-0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"mozjs52","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mozjs52?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["52.9.1-1build1","52.9.1-1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"52.9.1-1ubuntu3","binary_name":"libmozjs-52-0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rust-crossbeam-utils","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/rust-crossbeam-utils?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.6.6-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.6.6-1","binary_name":"librust-crossbeam-utils+lazy-static-dev"},{"binary_version":"0.6.6-1","binary_name":"librust-crossbeam-utils-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"firefox","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/firefox?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1snap1-0ubuntu1"}]}],"versions":["93.0+build1-0ubuntu3","94.0+build3-0ubuntu1","94.0.2+build1-0ubuntu1","94.0.2+build2-0ubuntu1","95.0+build1-0ubuntu1","95.0.1+build2-0ubuntu1","95.0.2+build1-0ubuntu1","96.0+build2-0ubuntu1","96.0.1+build1-0ubuntu1","96.0.2+build1-0ubuntu1","96.0.3+build1-0ubuntu1","97.0+build1-0ubuntu1","97.0+build2-0ubuntu1","97.0.1+build1-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1:1snap1-0ubuntu1","binary_name":"firefox"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"mozjs78","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mozjs78?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["78.13.0-1","78.15.0-2","78.15.0-4ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"78.15.0-4ubuntu1","binary_name":"libmozjs-78-0"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rust-crossbeam-utils","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/rust-crossbeam-utils?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.2-2","0.8.5-2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.5-2","binary_name":"librust-crossbeam-utils+lazy-static-dev"},{"binary_version":"0.8.5-2","binary_name":"librust-crossbeam-utils-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rust-crossbeam-utils-0.7","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/rust-crossbeam-utils-0.7?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.7.2-3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.7.2-3","binary_name":"librust-crossbeam-utils-0.7+lazy-static-dev"},{"binary_version":"0.7.2-3","binary_name":"librust-crossbeam-utils-0.7-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"rustc","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/rustc?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.58.1+dfsg1~ubuntu1-0ubuntu1"}]}],"versions":["1.51.0+dfsg1+llvm-1~exp3ubuntu1","1.53.0+dfsg1+llvm-4ubuntu1","1.54.0+dfsg2+llvm-3ubuntu1","1.56.0+dfsg1+llvm-2ubuntu1","1.56.0+dfsg1+llvm-2ubuntu2","1.57.0+dfsg1+llvm-0ubuntu1","1.57.0+dfsg1+llvm-0ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"libstd-rust-1.58"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rust-all"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rust-clippy"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rust-gdb"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rust-lldb"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rust-src"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rustc"},{"binary_version":"1.58.1+dfsg1~ubuntu1-0ubuntu1","binary_name":"rustfmt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"thunderbird","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/thunderbird?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:91.1.2+build1-0ubuntu1","1:91.3.0+build2-0ubuntu1","1:91.3.1+build1-0ubuntu1","1:91.3.2+build1-0ubuntu1","1:91.4.0+build1.1-0ubuntu1","1:91.4.0+build2-0ubuntu1","1:91.5.0+build1-0ubuntu1","1:91.5.1+build1-0ubuntu1","1:91.6.1+build1-0ubuntu1","1:91.7.0+build1-0ubuntu1","1:91.7.0+build2-0ubuntu1","1:91.8.0+build2-0ubuntu1","1:91.9.1+build1-0ubuntu0.22.04.1","1:91.11.0+build2-0ubuntu0.22.04.1","1:102.2.2+build1-0ubuntu0.22.04.1","1:102.4.2+build2-0ubuntu0.22.04.1","1:102.7.1+build2-0ubuntu0.22.04.1","1:102.8.0+build2-0ubuntu0.22.04.1","1:102.9.0+build1-0ubuntu0.22.04.1","1:102.10.0+build2-0ubuntu0.22.04.1","1:102.11.0+build1-0ubuntu0.22.04.1","1:102.13.0+build1-0ubuntu0.22.04.1","1:102.15.0+build1-0ubuntu0.22.04.1","1:102.15.1+build1-0ubuntu0.22.04.1","1:115.3.1+build1-0ubuntu0.22.04.2","1:115.4.1+build1-0ubuntu0.22.04.1","1:115.5.0+build1-0ubuntu0.22.04.1","1:115.6.0+build2-0ubuntu0.22.04.1","1:115.8.1+build1-0ubuntu0.22.04.1","1:115.9.0+build1-0ubuntu0.22.04.1","1:115.10.1+build1-0ubuntu0.22.04.1","1:115.11.0+build2-0ubuntu0.22.04.1","1:115.12.0+build3-0ubuntu0.22.04.1","1:115.13.0+build5-0ubuntu0.22.04.1","1:115.15.0+build1-0ubuntu0.22.04.1","1:115.16.0+build2-0ubuntu0.22.04.1","1:115.18.0+build1-0ubuntu0.22.04.1","1:128.12.0+build1-0ubuntu0.22.04.1","1:140.7.1+build1-0ubuntu0.22.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"thunderbird"},{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"thunderbird-gnome-support"},{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"thunderbird-mozsymbols"},{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"xul-ext-calendar-timezones"},{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"xul-ext-gdata-provider"},{"binary_version":"1:140.7.1+build1-0ubuntu0.22.04.1","binary_name":"xul-ext-lightning"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"thunderbird","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/thunderbird?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:115.3.1+build1-0ubuntu1","1:115.4.1+build1-0ubuntu1","1:115.4.3+build1-0ubuntu1","1:115.5.0+build1-0ubuntu1","1:115.5.1+build1-0ubuntu1","1:115.5.2+build2-0ubuntu1","1:115.6.0+build1-0ubuntu1","1:115.6.0+build2-0ubuntu1","1:115.6.1+build1-0ubuntu1","1:115.8.0+build1-0ubuntu1","1:115.8.1+build1+snap2","1:115.8.1+build1+snap3","2:1snap1-0ubuntu1","2:1snap1-0ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1snap1-0ubuntu3","binary_name":"thunderbird"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"thunderbird","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/thunderbird?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1snap1-0ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1snap1-0ubuntu3","binary_name":"thunderbird"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}},{"package":{"name":"thunderbird","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/thunderbird?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2:1snap1-0ubuntu3","2:1snap1-0ubuntu4","2:1snap1-0ubuntu5"],"ecosystem_specific":{"binaries":[{"binary_version":"2:1snap1-0ubuntu5","binary_name":"thunderbird"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23639.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}