sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVE-2022-4254
HIGHNVD 8.88.8—Elevated
EchelonGraph scoreMEDIUM confidence
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2023-02-01. NVD baseline CVSS 8.8; sources differ by 0.0.
Triggered by: GitHub Security Advisory CVSS
Sources: epss, ghsa, nvd
8.8
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
- High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 1%CVSS: 8.8Exploit: NoneExposed: 0
A fix is available — apply it.
- CVSS v3
- 8.8
- EG Score
- 8.8(medium)
- EPSS
- 57.1%
- KEV
- Not listed
Published
February 1, 2023
Last Modified
March 27, 2025
References (10)
- secalert@redhathttps://access.redhat.com/security/cve/CVE-2022-4254
- secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=2149894
- secalert@redhathttps://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
- secalert@redhathttps://github.com/SSSD/sssd/issues/5135
- secalert@redhathttps://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
- af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2022-4254
- af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2149894
- af854a3a-2127-422b-91ae-364da2661108https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
- af854a3a-2127-422b-91ae-364da2661108https://github.com/SSSD/sssd/issues/5135
- af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
All Vendor Advisories
(4)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Frequently asked(5)
What is CVE-2022-4254?
CVE-2022-4254 is a high vulnerability published on February 1, 2023. sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
When was CVE-2022-4254 disclosed?
CVE-2022-4254 was first published in the National Vulnerability Database on February 1, 2023, with the most recent update on March 27, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2022-4254 actively exploited?
CVE-2022-4254 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 57.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2022-4254?
CVE-2022-4254 has a CVSS v3 base score of 8.8 (NVD).
How do I remediate CVE-2022-4254?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2022-4254, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2022-4254
Is Your Infrastructure Affected by CVE-2022-4254?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.