CVE-2022-22823
Summary
| CVE | CVE-2022-22823 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-01-10 14:12:00 UTC |
|---|
| Updated | 2022-10-06 14:47:00 UTC |
|---|
| Description | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities - Security Advisory | Tenable® |
CONFIRM |
www.tenable.com |
|
| [W.I.P.] lib: Prevent more integer overflows by hartwork · Pull Request #539 · libexpat/libexpat · GitHub |
MISC |
github.com |
|
| Debian -- Security Information -- DSA-5073-1 expat |
DEBIAN |
www.debian.org |
|
| oss-security - Expat 2.4.3 released, includes 8 security fixes |
MLIST |
www.openwall.com |
|
| Expat: Multiple Vulnerabilities (GLSA 202209-24) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf |
CONFIRM |
cert-portal.siemens.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159712 Oracle Enterprise Linux Security Update for expat (ELSA-2022-0951)
- 159733 Oracle Enterprise Linux Security Update for expat (ELSA-2022-1069)
- 160232 Oracle Enterprise Linux Security Update for xmlrpc-c (ELSA-2022-7692)
- 179044 Debian Security Update for expat (DLA 2904-1)
- 179068 Debian Security Update for expat (DSA 5073-1)
- 183465 Debian Security Update for expat (CVE-2022-22823)
- 198671 Ubuntu Security Notification for Expat Vulnerabilities (USN-5288-1)
- 240155 Red Hat Update for expat (RHSA-2022:0951)
- 240186 Red Hat Update for expat (RHSA-2022:1069)
- 240794 Red Hat Update for JBoss Core Services (RHSA-2022:7143)
- 240835 Red Hat Update for xmlrpc-c (RHSA-2022:7692)
- 257160 CentOS Security Update for expat (CESA-2022:1069)
- 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
- 330124 IBM AIX Multiple Vulnerabilities in Python (python_advisory)
- 353975 Amazon Linux Security Advisory for expat : ALAS-2022-1603
- 353986 Amazon Linux Security Advisory for expat : ALAS2-2022-1809
- 354360 Amazon Linux Security Advisory for expat : ALAS2022-2022-017
- 354434 Amazon Linux Security Advisory for expat : ALAS2022-2022-232
- 354570 Amazon Linux Security Advisory for expat : ALAS-2022-232
- 355281 Amazon Linux Security Advisory for expat : ALAS2023-2023-058
- 376581 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Expat Vulnerability (K23421535)
- 376713 Tenable Nessus Multiple Third-Party Vulnerabilities (TNS-2022-05)
- 377041 Alibaba Cloud Linux Security Update for expat (ALINUX2-SA-2022:0017)
- 377097 Alibaba Cloud Linux Security Update for expat (ALINUX3-SA-2022:0021)
- 44025 Juniper Network Operating System (Junos OS) Multiple Vulnerabilities (JSA70605)
- 500177 Alpine Linux Security Update for expat
- 501400 Alpine Linux Security Update for expat
- 501738 Alpine Linux Security Update for expat
- 503914 Alpine Linux Security Update for expat
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 6140035 AWS Bottlerocket Security Update for libexpat (GHSA-w95j-547c-72pg)
- 671428 EulerOS Security Update for expat (EulerOS-SA-2022-1342)
- 671447 EulerOS Security Update for expat (EulerOS-SA-2022-1425)
- 671459 EulerOS Security Update for expat (EulerOS-SA-2022-1446)
- 671508 EulerOS Security Update for expat (EulerOS-SA-2022-1502)
- 671512 EulerOS Security Update for expat (EulerOS-SA-2022-1483)
- 671657 EulerOS Security Update for xulrunner (EulerOS-SA-2022-1774)
- 671715 EulerOS Security Update for expat (EulerOS-SA-2022-1716)
- 710626 Gentoo Linux Expat Multiple Vulnerabilities (GLSA 202209-24)
- 751651 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0178-1)
- 751653 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0179-1)
- 751662 OpenSUSE Security Update for expat (openSUSE-SU-2022:0178-1)
- 753347 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:14878-1)
- 87486 IBM Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (6559296)
- 900511 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7130)
- 901563 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7157-1)
- 904966 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12317)
- 905065 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12465)
- 940473 AlmaLinux Security Update for expat (ALSA-2022:0951)
- 940736 AlmaLinux Security Update for xmlrpc-c (ALSA-2022:7692)
- 960622 Rocky Linux Security Update for xmlrpc-c (RLSA-2022:7692)
- 960848 Rocky Linux Security Update for expat (RLSA-2022:0951)
