CVE & CISA-KEV Catalog

CVE-2022-40898

HIGHEPSS 84th pctl
7.5
CVSS v3
NVD

Description

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

How to fix

Remediation Available
wheelDebian
Fixed in:0.38.0-1CVE-2022-40898
Fixed in:0.38.0-1CVE-2022-40898
Fixed in:0.38.0-1CVE-2022-40898
python-wheelRed Hat / RHEL
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
python-wheelRocky
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
python3-wheelRed Hat / RHEL
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
python3-wheelRocky
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
python3-wheel-wheelRocky
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
python3-wheel-wheelRed Hat / RHEL
Fixed in:1:0.36.2-8.el9RHSA-2023:6712
rh-python38-pythonRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-pythonRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-cryptographyRocky
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
rh-python38-python-cryptographyRed Hat / RHEL
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
rh-python38-python-cryptography-debuginfoRocky
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
rh-python38-python-cryptography-debuginfoRed Hat / RHEL
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
Fixed in:0:2.8-6.el7RHSA-2023:6793
rh-python38-python-debugRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-debugRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-debuginfoRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-debuginfoRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-develRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-develRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-idleRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-idleRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-libsRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-libsRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-pipRed Hat / RHEL
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
rh-python38-python-pipRocky
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
rh-python38-python-pip-wheelRed Hat / RHEL
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
rh-python38-python-pip-wheelRocky
Fixed in:0:19.3.1-4.el7RHSA-2023:6793
rh-python38-python-requestsRocky
Fixed in:0:2.22.0-11.el7RHSA-2023:6793
Fixed in:0:2.22.0-11.el7RHSA-2023:6793
rh-python38-python-requestsRed Hat / RHEL
Fixed in:0:2.22.0-11.el7RHSA-2023:6793
Fixed in:0:2.22.0-11.el7RHSA-2023:6793
rh-python38-python-rpm-macrosRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-rpm-macrosRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-setuptoolsRed Hat / RHEL
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
rh-python38-python-setuptoolsRocky
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
rh-python38-python-setuptools-wheelRocky
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
rh-python38-python-setuptools-wheelRed Hat / RHEL
Fixed in:0:41.6.0-8.el7RHSA-2023:6793
rh-python38-python-srpm-macrosRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-srpm-macrosRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-testRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-testRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-tkinterRed Hat / RHEL
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-tkinterRocky
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
Fixed in:0:3.8.18-2.el7RHSA-2023:6793
rh-python38-python-wheelRed Hat / RHEL
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
rh-python38-python-wheelRocky
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
rh-python38-python-wheel-wheelRed Hat / RHEL
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
rh-python38-python-wheel-wheelRocky
Fixed in:0:0.33.6-9.el7RHSA-2023:6793
rhc-worker-playbookRed Hat / RHEL
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
rhc-worker-playbookRocky
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
rhc-worker-playbook-debuginfoRocky
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
rhc-worker-playbook-debuginfoRed Hat / RHEL
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
Fixed in:0:0.1.10-1.el9_5RHSA-2024:10761
python-pipUbuntu
Fixed in:1.5.4-1ubuntu4+esm3USN-5821-3
Fixed in:8.1.1-2ubuntu0.6+esm4USN-5821-3
Fixed in:9.0.1-2.3~ubuntu1.18.04.7USN-5821-3
Fixed in:20.0.2-5ubuntu1.8USN-5821-3
Fixed in:22.0.2+dfsg-1ubuntu0.2USN-5821-3
Fixed in:22.2+dfsg-1ubuntu0.2USN-5821-3
python-pip-whlUbuntu
Fixed in:1.5.4-1ubuntu4+esm3USN-5821-3
Fixed in:8.1.1-2ubuntu0.6+esm4USN-5821-3
Fixed in:9.0.1-2.3~ubuntu1.18.04.7USN-5821-3
Fixed in:20.0.2-5ubuntu1.8USN-5821-3
python-wheelUbuntu
Fixed in:0.24.0-1~ubuntu1.1+esm1USN-5821-1
Fixed in:0.29.0-1ubuntu0.1~esm1USN-5821-2
Fixed in:0.30.0-0.2ubuntu0.1USN-5821-1
python3-pipUbuntu
Fixed in:1.5.4-1ubuntu4+esm3USN-5821-3
Fixed in:8.1.1-2ubuntu0.6+esm4USN-5821-3
Fixed in:9.0.1-2.3~ubuntu1.18.04.7USN-5821-3
Fixed in:20.0.2-5ubuntu1.8USN-5821-3
Fixed in:22.0.2+dfsg-1ubuntu0.2USN-5821-3
Fixed in:22.2+dfsg-1ubuntu0.2USN-5821-3
python3-pip-whlUbuntu
Fixed in:22.0.2+dfsg-1ubuntu0.2USN-5821-3
Fixed in:22.2+dfsg-1ubuntu0.2USN-5821-3
python3-wheelUbuntu
Fixed in:0.24.0-1~ubuntu1.1+esm1USN-5821-1
Fixed in:0.29.0-1ubuntu0.1~esm1USN-5821-2
Fixed in:0.30.0-0.2ubuntu0.1USN-5821-1
Fixed in:0.34.2-1ubuntu0.1USN-5821-1
Fixed in:0.37.1-2ubuntu0.22.04.1USN-5821-1
Fixed in:0.37.1-2ubuntu0.22.10.1USN-5821-1
wheelUbuntu
Fixed in:0.24.0-1~ubuntu1.1+esm1USN-5821-1
Fixed in:0.29.0-1ubuntu0.1~esm1USN-5821-2
Fixed in:0.30.0-0.2ubuntu0.1USN-5821-1
Fixed in:0.34.2-1ubuntu0.1USN-5821-1
Fixed in:0.37.1-2ubuntu0.22.04.1USN-5821-1
Fixed in:0.37.1-2ubuntu0.22.10.1USN-5821-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

2.66%probability of exploitation in 30 days
84thpercentile

Elevated risk: more likely to be exploited than 84% of all known CVEs.

References

Exploit1
Third-Party Advisory2

Related Vulnerabilities

Other CWE-20 (Improper Input Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-3400Critical10.0100%KEV + Ransom-
CVE-2021-45105Medium5.9100%-Fix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-21985Critical9.8100%KEV + RansomFix
CVE-2018-7600Critical9.8100%KEV + RansomFix
CVE-2020-3452High7.5100%KEVFix
Embed a live status badge for CVE-2022-40898
CVE-2022-40898 severity badge

Markdown

[![CVE-2022-40898](https://tridentstack.com/cve/badge/CVE-2022-40898.svg)](https://tridentstack.com/cve/CVE-2022-40898)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-40898"><img src="https://tridentstack.com/cve/badge/CVE-2022-40898.svg" alt="CVE-2022-40898"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-04-15.