For GOS 22.04, a new patch level is available.
This release fixes an error in which scan tasks could cause an SQL error because of missing SQL quoting. This potentially allowed a denial of service (DoS) attack via SQL injection, for example via a manipulated SSH banner, against the scan task that triggered the error, causing the task to be interrupted. Even if the error was triggered without malicious intent, scan tasks could appear to be frozen on the gvmd side/in the web interface, while they were actually progressing or even finishing on the ospd/ospd-openvas side.
We have no indication that this vulnerability has been exploited in the field, and the bug was only introduced with GOS 22.04.11, which was released on 31st of May, 2023.
However, we strongly advise upgrading to GOS 22.04.12.
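The failure mode described above, as an added example that is not Greenbone's code: it uses Python's sqlite3 with hypothetical table and function names and a constructed banner containing an apostrophe. It shows how unquoted scanner-reported text aborts result import and leaves the task status stale, while bound parameters do not.

```python
import sqlite3

# Constructed sample results: the second banner contains an apostrophe
# but is otherwise harmless.
SAMPLE_RESULTS = [
    ("192.0.2.10", "SSH-2.0-OpenSSH_8.9"),
    ("192.0.2.11", "SSH-2.0-Bob's test server"),
    ("192.0.2.12", "SSH-2.0-dropbear_2022.83"),
]

def new_db():
    # Hypothetical schema, not the one gvmd uses.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE results (task TEXT, host TEXT, banner TEXT)")
    db.execute("CREATE TABLE tasks (name TEXT PRIMARY KEY, status TEXT)")
    db.execute("INSERT INTO tasks VALUES ('demo', 'Running')")
    return db

def store_unquoted(db, task, host, banner):
    # Flawed pattern: scanner-reported text pasted into the statement.
    db.execute(f"INSERT INTO results VALUES ('{task}', '{host}', '{banner}')")

def store_bound(db, task, host, banner):
    # Fix: values travel as bound parameters, never as SQL text.
    db.execute("INSERT INTO results VALUES (?, ?, ?)", (task, host, banner))

def import_results(store, results=SAMPLE_RESULTS):
    """Import scanner results; return (task status, rows stored)."""
    db = new_db()
    try:
        for host, banner in results:
            store(db, "demo", host, banner)
        db.execute("UPDATE tasks SET status = 'Done' WHERE name = 'demo'")
    except sqlite3.Error:
        pass  # import aborted; the scanner side has already finished
    status = db.execute("SELECT status FROM tasks").fetchone()[0]
    rows = db.execute("SELECT COUNT(*) FROM results").fetchone()[0]
    return status, rows

if __name__ == "__main__":
    print("unquoted:", import_results(store_unquoted))
    print("bound:   ", import_results(store_bound))
```

With the unquoted variant the task stays at "Running" with only the first result stored, which mirrors the frozen-task symptom; the bound variant stores all three results and marks the task done.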
In addition, GOS 22.04.12 includes several other important bug fixes as well as performance improvements.
In total, GOS 22.04.12 covers 7 improvements, 8 bug fixes, and 3 security fixes. For a complete list of changes, see the Roadmap & Lifecycle page: