CVE-2022-28653

High

Published: 31 January 2025

Published

31 January 2025

Modified

26 August 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0019 41.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Users can consume unlimited disk space in /var/crash

Security Summary

CVE-2022-28653 is a vulnerability that allows users to consume unlimited disk space in the /var/crash directory. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with no confidentiality or integrity effects. No specific software or component is detailed in the available information, and it maps to NVD-CWE-noinfo.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables denial-of-service by filling the /var/crash directory with unlimited data, potentially exhausting disk resources and disrupting system operations.

The primary reference is the official CVE record at https://www.cve.org/CVERecord?id=CVE-2022-28653, published on 2025-01-31. No specific mitigation or patch details are provided in the available data.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

canonical

apport

≤ 2.21.0

References

https://www.cve.org/CVERecord?id=CVE-2022-28653
Third Party Advisory · security@ubuntu.com