CVE-2022-23990
Summary
| CVE | CVE-2022-23990 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-26 19:15:00 UTC |
| Updated | 2023-11-07 03:44:00 UTC |
| Description | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities - Security Advisory \| Tenable® | CONFIRM | www.tenable.com | |
| [CVE-2022-23990] lib: Prevent integer overflow in function doProlog by hartwork · Pull Request #551 · libexpat/libexpat · GitHub | MISC | github.com | |
| [SECURITY] Fedora 35 Update: mingw-expat-2.4.4-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5073-1 expat | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 34 Update: mingw-expat-2.4.4-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Expat: Multiple Vulnerabilities (GLSA 202209-24) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 34 Update: mingw-expat-2.4.4-1.fc34 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | CONFIRM | cert-portal.siemens.com | |
| [SECURITY] Fedora 35 Update: mingw-expat-2.4.4-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159714 Oracle Enterprise Linux Security Update for expat (ELSA-2022-9227)
- 159719 Oracle Enterprise Linux Security Update for expat (ELSA-2022-9232)
- 179044 Debian Security Update for expat (DLA 2904-1)
- 179068 Debian Security Update for expat (DSA 5073-1)
- 183156 Debian Security Update for expat (CVE-2022-23990)
- 198671 Ubuntu Security Notification for Expat Vulnerabilities (USN-5288-1)
- 20253 Oracle Database 12.1.0.2 Critical Patch Update - April 2022
- 20254 Oracle Database 12.1.0.2 Critical Patch Update - April 2022 (Unauthenticated)
- 20255 Oracle Database 19c Critical Patch Update - April 2022
- 20257 Oracle Database 21c Critical Patch Update - April 2022
- 20258 IBM DB2 Arbitrary Code Execution Vulnerability (6573293)
- 20285 Oracle Database 19c Critical OJVM Patch Update - April 2022
- 240794 Red Hat Update for JBoss Core Services (RHSA-2022:7143)
- 282365 Fedora Security Update for mingw (FEDORA-2022-d2abd0858e)
- 282366 Fedora Security Update for mingw (FEDORA-2022-88f6a3d290)
- 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
- 330124 IBM AIX Multiple Vulnerabilities in Python (python_advisory)
- 354427 Amazon Linux Security Advisory for expat : ALAS2022-2022-028
- 354434 Amazon Linux Security Advisory for expat : ALAS2022-2022-232
- 354570 Amazon Linux Security Advisory for expat : ALAS-2022-232
- 355281 Amazon Linux Security Advisory for expat : ALAS2023-2023-058
- 356393 Amazon Linux Security Advisory for expat : ALAS2-2023-2280
- 356550 Amazon Linux Security Advisory for expat : ALAS-2023-1882
- 356989 Amazon Linux Security Advisory for expat : AL2012-2023-473
- 376713 Tenable Nessus Multiple Third-Party Vulnerabilities (TNS-2022-05)
- 376943 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20220204-0006)
- 377786 Alibaba Cloud Linux Security Update for mingw-expat (ALINUX3-SA-2022:0183)
- 44025 Juniper Network Operating System (Junos OS) Multiple Vulnerabilities (JSA70605)
- 500178 Alpine Linux Security Update for expat
- 501401 Alpine Linux Security Update for expat
- 501739 Alpine Linux Security Update for expat
- 503915 Alpine Linux Security Update for expat
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 610429 Google Android Devices September 2022 Security Patch Missing
- 610431 Google Android September 2022 Security Patch Missing for Samsung
- 610439 Google Android October 2022 Security Patch Missing for Huawei EMUI
- 6140196 AWS Bottlerocket Security Update for libexpat (GHSA-jx23-pq2c-7xxh)
- 671447 EulerOS Security Update for expat (EulerOS-SA-2022-1425)
- 671459 EulerOS Security Update for expat (EulerOS-SA-2022-1446)
- 671565 EulerOS Security Update for expat (EulerOS-SA-2022-1529)
- 671588 EulerOS Security Update for expat (EulerOS-SA-2022-1562)
- 671620 EulerOS Security Update for expat (EulerOS-SA-2022-1659)
- 671642 EulerOS Security Update for expat (EulerOS-SA-2022-1645)
- 671657 EulerOS Security Update for xulrunner (EulerOS-SA-2022-1774)
- 671715 EulerOS Security Update for expat (EulerOS-SA-2022-1716)
- 710626 Gentoo Linux Expat Multiple Vulnerabilities (GLSA 202209-24)
- 751724 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0495-1)
- 751730 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0498-1)
- 751741 OpenSUSE Security Update for expat (openSUSE-SU-2022:0498-1)
- 753230 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:14884-1)
- 87486 IBM Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (6559296)
- 87497 IBM HTTP Server Multiple Expat Vulnerabilities
- 900618 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (8328)
- 901283 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (8334-1)
- 940738 AlmaLinux Security Update for mingw-expat (ALSA-2022:7811)