Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
References
Link | Resource |
---|---|
https://security.netapp.com/advisory/ntap-20220707-0003/ | Third Party Advisory |
https://tanzu.vmware.com/security/cve-2022-22976 | Mitigation Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2022-05-19T14:50:46
Updated: 2022-07-25T16:47:52
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22976
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-19T15:15:08.000
Modified: 2024-06-13T18:38:29.997
Link: CVE-2022-22976
JSON object: View
Redhat Information
No data.
CWE