{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T16:19:02.210","vulnerabilities":[{"cve":{"id":"CVE-2022-28228","sourceIdentifier":"browser-security@yandex-team.ru","published":"2022-12-23T22:15:08.647","lastModified":"2026-06-17T04:38:11.520","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash."},{"lang":"es","value":"Se descubrió una lectura fuera de los límites en el servidor YDB. Un atacante podría crear una consulta con una instrucción de inserción que le permitiría leer información confidencial de otras ubicaciones de la memoria o provocar un bloqueo."}],"affected":[{"source":"browser-security@yandex-team.ru","affectedData":[{"vendor":"n/a","product":"YDB","versions":[{"version":"All versions prior to version 22.4.44","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-15T13:26:37.599068Z","id":"CVE-2022-28228","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ydb:ydb:*:*:*:*:*:*:*:*","versionEndExcluding":"24.4.44","matchCriteriaId":"C9F9AD21-6335-40AF-BFCC-1C87D69FF564"}]}]}],"references":[{"url":"https://ydb.tech/ru/docs/security-changelog#28-11-2022","source":"browser-security@yandex-team.ru","tags":["Vendor Advisory"]},{"url":"https://ydb.tech/ru/docs/security-changelog#28-11-2022","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}