{"id":"ALPINE-CVE-2022-24903","details":"Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.","modified":"2026-03-09T01:20:13.250267Z","published":"2022-05-06T00:15:07.873Z","upstream":["CVE-2022-24903"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2022-24903"}],"affected":[{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.12","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2004.0-r2"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2004.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.13","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2012.0-r3"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2012.0-r2","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2012.0-r3"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2012.0-r2","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2108.0-r2"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}},{"package":{"name":"rsyslog","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/rsyslog?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2204.1-r0"}]}],"versions":["5.6.2-r0","5.8.0-r0","5.8.0-r1","5.8.5-r0","5.8.7-r0","5.8.7-r1","6.2.0-r0","6.2.2-r0","6.2.2-r1","6.2.2-r2","6.2.2-r3","6.4.2-r0","6.4.2-r1","6.4.2-r2","8.16.0-r0","8.18.0-r0","8.1904.0-r0","8.1908.0-r0","8.1910.0-r0","8.1910.0-r1","8.1911.0-r0","8.1911.0-r1","8.2.1-r0","8.2.2-r0","8.20.0-r0","8.20.0-r1","8.2001.0-r0","8.2001.0-r1","8.2002.0-r0","8.2002.0-r1","8.2002.0-r2","8.2002.0-r3","8.2004.0-r0","8.2006.0-r0","8.2006.0-r1","8.2006.0-r2","8.2008.0-r0","8.2010.0-r0","8.2010.0-r1","8.2012.0-r0","8.2012.0-r1","8.2106.0-r0","8.2108.0-r0","8.2108.0-r1","8.2204.0-r0","8.23.0-r0","8.24.0-r0","8.25.0-r0","8.26.0-r0","8.27.0-r0","8.30.0-r0","8.31.0-r0","8.31.0-r1","8.33.1-r0","8.33.1-r1","8.34.0-r0","8.36.0-r0","8.37.0-r0","8.4.1-r0","8.4.2-r0","8.4.2-r1","8.40.0-r0","8.40.0-r1","8.40.0-r2","8.40.0-r3","8.7.0-r0","8.9.0-r0","8.9.0-r1","8.9.0-r2"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2022-24903.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}