Wiz
Vulnerability DatabaseCVE-2022-4743

CVE-2022-4743
CBL Mariner vulnerability analysis and mitigation

Overview

A memory leak vulnerability (CVE-2022-4743) was discovered in SDL2 (Simple DirectMedia Layer) affecting versions 2.0.4 and above, while SDL-1.x versions are not affected. The vulnerability was identified in the GLESCreateTexture() function within SDLrender_gles.c (NVD, Gentoo Security).

Technical details

The vulnerability stems from a potential memory leak in the GLESCreateTexture() function located in SDLrender_gles.c. The issue occurs when the function fails to properly free allocated memory in error paths, specifically when dealing with streaming texture access. The vulnerability has been assigned a CVSS score of 7.5, indicating a high severity level (Rapid7, GitHub PR).

Impact

When exploited, this vulnerability allows an attacker to cause a denial of service attack through memory resource exhaustion. The impact is particularly significant for applications that use SDL2 for rendering operations (NVD).

Mitigation and workarounds

The vulnerability has been fixed in SDL2 version 2.26.0. Users are advised to upgrade to this version or later. The fix involves properly freeing allocated memory in error paths within the GLES_CreateTexture function (Gentoo Security, GitHub Commit).

Additional resources

SourceThis report was generated using AI

Related CBL Mariner vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-62689HIGH8.7
  • NixOSNixOS
  • libmicrohttpd-devel
NoYesNov 10, 2025
CVE-2025-59777HIGH8.7
  • NixOSNixOS
  • libmicrohttpd-doc
NoYesNov 10, 2025
CVE-2025-47913HIGH7.5
  • PackerPacker
  • container-tools:rhel8::buildah-tests
NoYesNov 13, 2025
CVE-2024-47866HIGH7.5
  • CBL MarinerCBL Mariner
  • ceph
NoYesNov 12, 2025
CVE-2025-40210MEDIUM5.1
  • Linux KernelLinux Kernel
  • kernel-rt-64k-modules
NoYesNov 21, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo