CVE-2022-43756
Denial of service when processing Git credentials in github.com/rancher/wrangler
Description
A denial of service (DoS) vulnerability exists in the Wrangler Git package. Specially crafted Git credentials can exhaust the memory and CPU of an application that uses Wrangler, because credentials are handed to the Git package without any input validation. The issue can be triggered when accessing both private and public Git repositories. As a workaround, sanitize input passed to the Git package to remove unsafe and ambiguous characters; the recommended fix is to update to a patched Wrangler version.
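The description names missing input validation as the root cause and sanitization of credentials as the workaround. The Go program below is an added example, not Wrangler's own code or its patch: it shows one way an application could validate Git credentials before they reach any Git package or subprocess, and build the remote URL with net/url so that reserved characters are percent-encoded rather than left ambiguous. The function names, the 1024-byte length bound, the rejection of whitespace and the http(s)-only rule are assumptions chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"unicode"
	"unicode/utf8"
)

// maxCredentialLen is an assumed bound for illustration; size it to the
// longest token you legitimately issue, so oversized input is refused early.
const maxCredentialLen = 1024

var (
	errTooLong = errors.New("credential exceeds maximum length")
	errNotUTF8 = errors.New("credential is not valid UTF-8")
	errControl = errors.New("credential contains control or whitespace characters")
)

// ValidateCredential rejects values that should never appear in a Git
// username or password: over-long input, invalid UTF-8, and control
// characters such as '\n', '\r' and '\x00' that are ambiguous in URLs and in
// line-oriented credential protocols. Rejecting whitespace as well is a
// policy choice made here; relax it if your tokens may contain spaces.
func ValidateCredential(s string) error {
	if len(s) > maxCredentialLen {
		return errTooLong
	}
	if !utf8.ValidString(s) {
		return errNotUTF8
	}
	for _, r := range s {
		if unicode.IsControl(r) || unicode.IsSpace(r) {
			return errControl
		}
	}
	return nil
}

// RemoteURL embeds validated credentials into repoURL via net/url, which
// percent-encodes '@', ':', '/' and '?' in the userinfo so the result cannot
// be re-parsed as a different host or path. Hypothetical helper, not an API
// of the Wrangler Git package.
func RemoteURL(repoURL, user, pass string) (string, error) {
	if err := ValidateCredential(user); err != nil {
		return "", fmt.Errorf("username: %w", err)
	}
	if err := ValidateCredential(pass); err != nil {
		return "", fmt.Errorf("password: %w", err)
	}
	u, err := url.Parse(repoURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" && u.Scheme != "http" {
		return "", fmt.Errorf("unsupported scheme %q for embedded credentials", u.Scheme)
	}
	if u.User != nil {
		return "", errors.New("repository URL already carries userinfo")
	}
	u.User = url.UserPassword(user, pass)
	return u.String(), nil
}

func main() {
	// Constructed inputs: a benign password and one smuggling a newline.
	for _, pass := range []string{"p@ss", "p@ss\nextra"} {
		out, err := RemoteURL("https://github.com/rancher/wrangler.git", "user", pass)
		fmt.Printf("pass=%q -> %q err=%v\n", pass, out, err)
	}
}
```

Validation runs before the URL is built, so the length bound caps the work done on hostile input and the control-character check refuses anything that could be interpreted as a second line or a second field by whatever consumes the credential downstream.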
How to fix CVE-2022-43756
To remediate CVE-2022-43756, upgrade the affected module to a patched release. The affected ranges below imply one fixed version per release line:
- 0.7.x: upgrade to 0.7.4-security1
- 0.8.x: upgrade to 0.8.5-security1, or to 0.8.11 or later
- 1.0.x: upgrade to 1.0.1 or later
Is CVE-2022-43756 being exploited?
Low: the EPSS score is 1.1%, a low estimated probability of exploitation in the wild over the next 30 days. The score is a model estimate, not a report of observed exploitation, and no widespread exploitation activity is recorded.
Affected packages (2)
- >= 0, < 0.7.4-security1
- >= 0, < 0.7.4-security1; >= 0.8.0, < 0.8.5-security1; >= 0.8.6, < 0.8.11; >= 1.0.0, < 1.0.1
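The ranges above mix bare versions with -security1 prerelease tags, and semver orders a prerelease before its bare release, which matters when deciding whether the module version in your build is in range. The Go program below is an added example, not tooling from this advisory or from Wrangler: it parses versions, compares them by the semver prerelease rules, and checks a version against the ranges listed for the second affected module (the first module's single range is the first entry). Function and type names are my own.

```go
package main

import (
	"cmp"
	"fmt"
	"strconv"
	"strings"
)

// Version is a parsed semver; Pre holds prerelease identifiers, e.g. ["security1"].
type Version struct {
	Nums [3]int
	Pre  []string
}

// ParseVersion accepts "v1.2.3", "1.2.3-security1" and the advisory's shorthand "0".
func ParseVersion(s string) (Version, error) {
	var v Version
	core := strings.TrimPrefix(s, "v")
	if i := strings.IndexByte(core, '-'); i >= 0 {
		core, v.Pre = core[:i], strings.Split(core[i+1:], ".")
	}
	parts := strings.Split(core, ".")
	if len(parts) > 3 {
		return v, fmt.Errorf("bad version %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return v, fmt.Errorf("bad version %q", s)
		}
		v.Nums[i] = n
	}
	return v, nil
}

// Compare returns -1, 0 or 1; a prerelease sorts before its bare release (semver item 11),
// so 0.8.5-security1 < 0.8.5 and 0.7.4-security1 < 0.7.4.
func Compare(a, b Version) int {
	for i := range a.Nums {
		if c := cmp.Compare(a.Nums[i], b.Nums[i]); c != 0 {
			return c
		}
	}
	if len(a.Pre) == 0 || len(b.Pre) == 0 {
		return cmp.Compare(len(b.Pre), len(a.Pre)) // the bare release is the higher one
	}
	for i := 0; i < len(a.Pre) && i < len(b.Pre); i++ {
		if c := cmpIdent(a.Pre[i], b.Pre[i]); c != 0 {
			return c
		}
	}
	return cmp.Compare(len(a.Pre), len(b.Pre))
}

// cmpIdent: numeric identifiers compare numerically and sort before alphanumeric ones.
func cmpIdent(x, y string) int {
	xn, xerr := strconv.Atoi(x)
	yn, yerr := strconv.Atoi(y)
	switch {
	case xerr == nil && yerr == nil:
		return cmp.Compare(xn, yn)
	case xerr == nil:
		return -1
	case yerr == nil:
		return 1
	}
	return strings.Compare(x, y)
}

func mustParse(s string) Version {
	v, err := ParseVersion(s)
	if err != nil {
		panic(err)
	}
	return v
}

// Half-open ranges [Lo, Hi) copied from the affected-package list above.
var affectedRanges = []struct{ Lo, Hi Version }{
	{mustParse("0"), mustParse("0.7.4-security1")},
	{mustParse("0.8.0"), mustParse("0.8.5-security1")},
	{mustParse("0.8.6"), mustParse("0.8.11")},
	{mustParse("1.0.0"), mustParse("1.0.1")},
}

// IsAffected reports whether v falls inside any listed range.
func IsAffected(v Version) bool {
	for _, r := range affectedRanges {
		if Compare(v, r.Lo) >= 0 && Compare(v, r.Hi) < 0 {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("v0.8.9:", IsAffected(mustParse("v0.8.9")), "v1.0.1:", IsAffected(mustParse("v1.0.1")))
}
```

Two consequences of the ordering are worth checking in a real build: a bound of `< 0.8.5-security1` does not cover the bare 0.8.5, and under Go's minimum version selection a dependency that requires the bare 0.7.4 or 0.8.5 wins over your own `require` of the -security1 tag, so the version you pinned is not necessarily the one selected. Confirm with `go list -m github.com/rancher/wrangler` after upgrading, and run `govulncheck ./...`, which reports the CVE if the Go vulnerability database lists it for the selected version.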
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.9) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H |