{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/vex/2022/cve-2022-3219-els_os-almalinux9_2esu.json" } ], "tracking": { "current_release_date": "2026-05-09T04:24:32Z", "generator": { "date": "2026-05-09T04:24:32Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2022-3219-ELS_OS-ALMALINUX9.2ESU", "initial_release_date": "2022-01-01T00:00:00Z", "revision_history": [ { "date": "2022-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-30T22:27:30Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-05-09T04:24:32Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "Security update on CVE-2022-3219" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" }, { "branches": [ { "category": "product_version", "name": "gnupg2-smime-0:2.3.3-2.el9_0.x86_64", "product": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.x86_64", "product_id": "gnupg2-smime-0:2.3.3-2.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/gnupg2-smime@2.3.3-2.el9_0?arch=x86_64" } } }, { "category": "product_version", "name": "gnupg2-0:2.3.3-2.el9_0.x86_64", "product": { "name": "gnupg2-0:2.3.3-2.el9_0.x86_64", "product_id": "gnupg2-0:2.3.3-2.el9_0.x86_64", "product_identification_helper": { "purl": "pkg:rpm/almalinux/gnupg2@2.3.3-2.el9_0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product_id": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/gnupg2-smime@2.3.3-2.el9_0.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product_id": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/gnupg2-smime@2.3.3-2.el9_0.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product": { "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product_id": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/gnupg2@2.3.3-2.el9_0.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product": { "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product_id": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/gnupg2@2.3.3-2.el9_0.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64" }, "product_reference": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64" }, "product_reference": "gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64" }, "product_reference": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64" }, "product_reference": "gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "gnupg2-smime-0:2.3.3-2.el9_0.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.x86_64" }, "product_reference": "gnupg2-smime-0:2.3.3-2.el9_0.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "gnupg2-0:2.3.3-2.el9_0.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.x86_64" }, "product_reference": "gnupg2-0:2.3.3-2.el9_0.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3219", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-3219" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2022-3219", "url": "https://access.redhat.com/security/cve/CVE-2022-3219" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127010" }, { "category": "external", "summary": "https://dev.gnupg.org/D556", "url": "https://dev.gnupg.org/D556" }, { "category": "external", "summary": "https://dev.gnupg.org/T5993", "url": "https://dev.gnupg.org/T5993" }, { "category": "external", "summary": "https://marc.info/?l=oss-security&m=165696590211434&w=4", "url": "https://marc.info/?l=oss-security&m=165696590211434&w=4" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230324-0001/", "url": "https://security.netapp.com/advisory/ntap-20230324-0001/" } ], "release_date": "2023-02-23T20:15:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-05-09T03:44:40.655108Z", "details": "This is a local, denial‑of‑service condition that only causes GnuPG to consume CPU while parsing crafted OpenPGP data; it has no confidentiality or integrity impact and does not elevate privileges. Exploitation requires the ability to feed malicious key material to a local GnuPG invocation (at least low privileges), and GnuPG is typically an on‑demand userland tool rather than a network‑exposed service, so any impact is confined to the invoking process’s resources. Given the narrow preconditions and limited, transient effect, this issue can be safely deprioritized in managed enterprise server and VM environments.", "product_ids": [ "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-0:2.3.3-2.el9_0.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els1.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.tuxcare.els2.x86_64", "AlmaLinux-9.2:gnupg2-smime-0:2.3.3-2.el9_0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }