{"id":"UBUNTU-CVE-2022-40281","details":"An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.","modified":"2026-01-20T17:30:43.824181Z","published":"2022-09-08T22:15:00Z","upstream":["CVE-2022-40281"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-40281"},{"type":"REPORT","url":"https://github.com/Samsung/TizenRT/issues/5626"},{"type":"REPORT","url":"https://www.openssl.org/docs/man1.1.1/man3/SSL_get_peer_certificate.html"},{"type":"REPORT","url":"https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/curl/vtls/cyassl.c#L545"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-40281"}],"affected":[{"package":{"name":"0ad","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/0ad@0.0.20-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.18-2","0.0.19-1","0.0.20-1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0.20-1","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}},{"package":{"name":"0ad","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/0ad@0.0.22-4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.21-2","0.0.22-1","0.0.22-2","0.0.22-3","0.0.22-3build1","0.0.22-3.1","0.0.22-4"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0.22-4","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}},{"package":{"name":"0ad","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/0ad@0.0.23.1-4ubuntu3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.23.1-4build1","0.0.23.1-4ubuntu1","0.0.23.1-4ubuntu2","0.0.23.1-4ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0.23.1-4ubuntu3","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}},{"package":{"name":"0ad","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/0ad@0.0.25b-2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.25b-1","0.0.25b-1.1","0.0.25b-1.1ubuntu1","0.0.25b-2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0.25b-2","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}},{"package":{"name":"0ad","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/0ad@0.0.26-6ubuntu0.24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.26-4","0.0.26-4build1","0.0.26-6ubuntu0.24.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.0.26-6ubuntu0.24.04.1","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}},{"package":{"name":"0ad","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/0ad@0.27.1-2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.27.0-2","0.27.0-2build1","0.27.1-2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.27.1-2","binary_name":"0ad"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-40281.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]}