CVE-2022-47085: libostree vulnerable to denial of service attack

July 18, 2023 (updated December 20, 2023)

An issue was discovered in ostree before version 0.17.1 allows attackers to cause a denial of service via the print_panic function in repo_checkout_filter.rs.

References

doc.rust-lang.org/std/macro.eprintln.html
github.com/advisories/GHSA-x96g-95fq-4xv4
github.com/ostreedev/ostree
github.com/ostreedev/ostree/commit/d9bb160a7c1e7f0a2308a7282622b91bc27d448c
github.com/ostreedev/ostree/issues/2775
nvd.nist.gov/vuln/detail/CVE-2022-47085

Detect and mitigate CVE-2022-47085 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →