How severe is CVE-2022-21724?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-21724?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2022-21724

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-665

View all →

Vulnerability Description

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

CVE-2008-0062

CRITICAL

CVSS:9.8(Critical)

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...

CWE-6652008

CVE-2015-8367

CRITICAL

CVSS:9.8(Critical)

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

CWE-6652015

CVE-2017-13715

CRITICAL

CVSS:9.8(Critical)

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a ...

CWE-6652017

CVE-2018-11949

CRITICAL

CVSS:9.8(Critical)

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil...

CWE-6652018

CVE-2019-10196

CRITICAL

CVSS:9.8(Critical)

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den...

CWE-6652019

CVE-2019-14271

CRITICAL

CVSS:9.8(Critical)

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the content...

CWE-6652019

CVE-2022-21724

Vulnerability Description

Related Vulnerabilities

CVE-2008-0062

CVE-2015-8367

CVE-2017-13715

CVE-2018-11949

CVE-2019-10196

CVE-2019-14271