Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2022-24407:

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Solution(s)
suse-upgrade-cyrus-sasl
suse-upgrade-cyrus-sasl-32bit
suse-upgrade-cyrus-sasl-crammd5
suse-upgrade-cyrus-sasl-crammd5-32bit
suse-upgrade-cyrus-sasl-digestmd5
suse-upgrade-cyrus-sasl-digestmd5-32bit
suse-upgrade-cyrus-sasl-gssapi
suse-upgrade-cyrus-sasl-gssapi-32bit
suse-upgrade-cyrus-sasl-openssl1
suse-upgrade-cyrus-sasl-openssl1-32bit
suse-upgrade-cyrus-sasl-openssl1-crammd5
suse-upgrade-cyrus-sasl-openssl1-crammd5-32bit
suse-upgrade-cyrus-sasl-openssl1-crammd5-x86
suse-upgrade-cyrus-sasl-openssl1-digestmd5
suse-upgrade-cyrus-sasl-openssl1-digestmd5-32bit
suse-upgrade-cyrus-sasl-openssl1-digestmd5-x86
suse-upgrade-cyrus-sasl-openssl1-gssapi
suse-upgrade-cyrus-sasl-openssl1-gssapi-32bit
suse-upgrade-cyrus-sasl-openssl1-gssapi-x86
suse-upgrade-cyrus-sasl-openssl1-ntlm
suse-upgrade-cyrus-sasl-openssl1-otp
suse-upgrade-cyrus-sasl-openssl1-otp-32bit
suse-upgrade-cyrus-sasl-openssl1-otp-x86
suse-upgrade-cyrus-sasl-openssl1-plain
suse-upgrade-cyrus-sasl-openssl1-plain-32bit
suse-upgrade-cyrus-sasl-openssl1-plain-x86
suse-upgrade-cyrus-sasl-openssl1-x86
suse-upgrade-cyrus-sasl-otp
suse-upgrade-cyrus-sasl-otp-32bit
suse-upgrade-cyrus-sasl-plain
suse-upgrade-cyrus-sasl-plain-32bit
suse-upgrade-cyrus-sasl-saslauthd
suse-upgrade-cyrus-sasl-sqlauxprop
suse-upgrade-cyrus-sasl-sqlauxprop-32bit
References
SUSE-SU-2022:14894-1
CVE-2022-24407
USN-5301-1
USN-5301-2