CVE-2022-25236

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-25236
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-02-16 01:15:00 UTC
Updated2023-11-07 03:44:00 UTC
Descriptionxmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Risk And Classification

Problem Types: CWE-668

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 11.0 All All All
Application Libexpat Project Libexpat All All All All
Application Oracle Http Server 12.2.1.3.0 All All All
Application Oracle Http Server 12.2.1.4.0 All All All
Application Oracle Zfs Storage Appliance Kit 8.8 All All All
Application Siemens Sinema Remote Connect Server All All All All

References

ReferenceSourceLinkTags
[CVE-2022-25236] lib: Protect against insertion of namesep characters into namespace URIs by hartwork · Pull Request #561 · libexpat/libexpat · GitHub MISC github.com Patch, Third Party Advisory
Zoom XMPP Stanza Smuggling Remote Code Execution ≈ Packet Storm MISC packetstormsecurity.com
Oracle Critical Patch Update Advisory - April 2022 MISC www.oracle.com
February 2022 Expat Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
[SECURITY] Fedora 35 Update: mingw-expat-2.4.6-1.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] [DLA 2935-1] expat security update MLIST lists.debian.org
[SECURITY] Fedora 35 Update: mingw-expat-2.4.6-1.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
oss-security - Expat 2.4.5 released, includes 5 security fixes MLIST www.openwall.com Mailing List, Third Party Advisory
[SECURITY] Fedora 34 Update: mingw-expat-2.4.6-1.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Expat: Multiple Vulnerabilities (GLSA 202209-24) — Gentoo security GENTOO security.gentoo.org
Debian -- Security Information -- DSA-5085-1 expat DEBIAN www.debian.org
cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf CONFIRM cert-portal.siemens.com
[SECURITY] Fedora 34 Update: mingw-expat-2.4.6-1.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159696 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-0824)
  • 159697 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-0818)
  • 159705 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-0845)
  • 159706 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-0850)
  • 159712 Oracle Enterprise Linux Security Update for expat (ELSA-2022-0951)
  • 159733 Oracle Enterprise Linux Security Update for expat (ELSA-2022-1069)
  • 159782 Oracle Enterprise Linux Security Update for expat (ELSA-2022-9359)
  • 179091 Debian Security Update for expat (DSA 5085-1)
  • 179107 Debian Security Update for expat (DLA 2935-1)
  • 179143 Debian Security Update for expat (DSA 5085-2)
  • 198671 Ubuntu Security Notification for Expat Vulnerabilities (USN-5288-1)
  • 20259 IBM DB2 Multiple Vulnerabilities (6597637)
  • 240124 Red Hat Update for firefox (RHSA-2022:0817)
  • 240132 Red Hat Update for firefox (RHSA-2022:0824)
  • 240133 Red Hat Update for firefox (RHSA-2022:0818)
  • 240136 Red Hat Update for firefox (RHSA-2022:0816)
  • 240141 Red Hat Update for thunderbird (RHSA-2022:0853)
  • 240142 Red Hat Update for thunderbird (RHSA-2022:0845)
  • 240143 Red Hat Update for thunderbird (RHSA-2022:0843)
  • 240145 Red Hat Update for thunderbird (RHSA-2022:0850)
  • 240155 Red Hat Update for expat (RHSA-2022:0951)
  • 240166 Red Hat Update for expat (RHSA-2022:1012)
  • 240186 Red Hat Update for expat (RHSA-2022:1069)
  • 240187 Red Hat Update for expat (RHSA-2022:1070)
  • 240433 Red Hat Update for thunderbird (RHSA-2022:0847)
  • 240436 Red Hat Update for expat (RHSA-2022:1068)
  • 240794 Red Hat Update for JBoss Core Services (RHSA-2022:7143)
  • 257160 CentOS Security Update for expat (CESA-2022:1069)
  • 257161 CentOS Security Update for firefox (CESA-2022:0824)
  • 257164 CentOS Security Update for thunderbird (CESA-2022:0850)
  • 282449 Fedora Security Update for mingw (FEDORA-2022-3d9d67f558)
  • 282450 Fedora Security Update for mingw (FEDORA-2022-04f206996b)
  • 296057 Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)
  • 330124 IBM AIX Multiple Vulnerabilities in Python (python_advisory)
  • 353198 Amazon Linux Security Advisory for expat : ALAS-2022-1573
  • 353200 Amazon Linux Security Advisory for expat : ALAS2-2022-1764
  • 353262 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1779
  • 354434 Amazon Linux Security Advisory for expat : ALAS2022-2022-232
  • 354490 Amazon Linux Security Advisory for expat : ALAS2022-2022-036
  • 354570 Amazon Linux Security Advisory for expat : ALAS-2022-232
  • 354627 Amazon Linux Security Advisory for expat : AL2012-2022-359
  • 355281 Amazon Linux Security Advisory for expat : ALAS2023-2023-058
  • 376583 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Expat Vulnerability (K19473898)
  • 377041 Alibaba Cloud Linux Security Update for expat (ALINUX2-SA-2022:0017)
  • 377097 Alibaba Cloud Linux Security Update for expat (ALINUX3-SA-2022:0021)
  • 377786 Alibaba Cloud Linux Security Update for mingw-expat (ALINUX3-SA-2022:0183)
  • 377911 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023)
  • 38862 NetApp Data Open Network Technology for Appliance Products (ONTAP) Denial of Service (DoS) Vulnerability (NTAP-20210303-0002)
  • 390283 Oracle Managed Virtualization (VM) Server for x86 Security Update for expat (OVMSA-2023-0009)
  • 44025 Juniper Network Operating System (Junos OS) Multiple Vulnerabilities (JSA70605)
  • 500179 Alpine Linux Security Update for expat
  • 501402 Alpine Linux Security Update for expat
  • 501740 Alpine Linux Security Update for expat
  • 503916 Alpine Linux Security Update for expat
  • 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
  • 6140373 AWS Bottlerocket Security Update for libexpat (GHSA-v95x-cqc2-wxq4)
  • 671565 EulerOS Security Update for expat (EulerOS-SA-2022-1529)
  • 671588 EulerOS Security Update for expat (EulerOS-SA-2022-1562)
  • 671715 EulerOS Security Update for expat (EulerOS-SA-2022-1716)
  • 671757 EulerOS Security Update for expat (EulerOS-SA-2022-1786)
  • 671760 EulerOS Security Update for expat (EulerOS-SA-2022-1803)
  • 671787 EulerOS Security Update for expat (EulerOS-SA-2022-1861)
  • 671796 EulerOS Security Update for expat (EulerOS-SA-2022-1837)
  • 710626 Gentoo Linux Expat Multiple Vulnerabilities (GLSA 202209-24)
  • 751782 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0698-1)
  • 751795 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0713-1)
  • 751810 OpenSUSE Security Update for expat (openSUSE-SU-2022:0713-1)
  • 751883 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0842-1)
  • 751884 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:0844-1)
  • 751892 OpenSUSE Security Update for expat (openSUSE-SU-2022:0844-1)
  • 752302 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:2294-1)
  • 753324 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:14903-1)
  • 753407 SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:14934-1)
  • 755917 SUSE Enterprise Linux Security Update for python311 (SUSE-SU-2024:0782-1)
  • 755919 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2024:0784-1)
  • 87487 IBM Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (6560814)
  • 900666 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (8602)
  • 900969 Common Base Linux Mariner (CBL-Mariner) Security Update for expat (8604-1)
  • 904859 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12309)
  • 905124 Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12475)
  • 940460 AlmaLinux Security Update for firefox (ALSA-2022:0818)
  • 940465 AlmaLinux Security Update for thunderbird (ALSA-2022:0845)
  • 940473 AlmaLinux Security Update for expat (ALSA-2022:0951)
  • 940738 AlmaLinux Security Update for mingw-expat (ALSA-2022:7811)
  • 960832 Rocky Linux Security Update for thunderbird (RLSA-2022:0845)
  • 960834 Rocky Linux Security Update for firefox (RLSA-2022:0818)
  • 960848 Rocky Linux Security Update for expat (RLSA-2022:0951)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report