{"api_version":"1","generated_at":"2026-04-23T00:41:44+00:00","cve":"CVE-2022-40674","urls":{"html":"https://cve.report/CVE-2022-40674","api":"https://cve.report/api/cve/CVE-2022-40674.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-40674","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-40674"},"summary":{"title":"CVE-2022-40674","description":"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-09-14 11:15:00","updated_at":"2023-11-07 03:52:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/","name":"FEDORA-2022-15ec504440","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: expat-2.4.9-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html","name":"[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3119-1] expat security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/","name":"FEDORA-2022-c22feb71ba","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-expat-2.4.9-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/","name":"FEDORA-2022-dcb1d7bcb1","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-expat-2.4.9-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/","name":"FEDORA-2022-15ec504440","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: expat-2.4.9-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202211-06","name":"GLSA-202211-06","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox: Multiple Vulnerabilities (GLSA 202211-06) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5236","name":"DSA-5236","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5236-1 expat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/","name":"FEDORA-2022-c68d90efc3","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: expat-2.4.9-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/","name":"FEDORA-2022-d93b3bd8b9","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-expat-2.4.9-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/libexpat/libexpat/pull/629","name":"https://github.com/libexpat/libexpat/pull/629","refsource":"MISC","tags":[],"title":"Ensure raw tagnames are safe exiting internalEntityParser by RMJ10 · Pull Request #629 · libexpat/libexpat · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/","name":"FEDORA-2022-d93b3bd8b9","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-expat-2.4.9-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/","name":"FEDORA-2022-c68d90efc3","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: expat-2.4.9-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/","name":"FEDORA-2022-c22feb71ba","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-expat-2.4.9-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221028-0008/","name":"https://security.netapp.com/advisory/ntap-20221028-0008/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-40674 libexpat Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202209-24","name":"GLSA-202209-24","refsource":"GENTOO","tags":[],"title":"Expat: Multiple Vulnerabilities (GLSA 202209-24) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/","name":"FEDORA-2022-dcb1d7bcb1","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-expat-2.4.9-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/libexpat/libexpat/pull/640","name":"https://github.com/libexpat/libexpat/pull/640","refsource":"MISC","tags":[],"title":"tests: Cover heap use-after-free issue in doContent (follow-up to #629) by hartwork · Pull Request #640 · libexpat/libexpat · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-40674","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40674","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"40674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-40674","qid":"160131","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2022-6838)"},{"cve":"CVE-2022-40674","qid":"160133","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2022-6834)"},{"cve":"CVE-2022-40674","qid":"160138","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2022-6878)"},{"cve":"CVE-2022-40674","qid":"160145","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7026)"},{"cve":"CVE-2022-40674","qid":"160146","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2022-7020)"},{"cve":"CVE-2022-40674","qid":"160148","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2022-7024)"},{"cve":"CVE-2022-40674","qid":"160149","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-7023)"},{"cve":"CVE-2022-40674","qid":"160180","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6998)"},{"cve":"CVE-2022-40674","qid":"160182","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6997)"},{"cve":"CVE-2022-40674","qid":"160188","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2022-9962)"},{"cve":"CVE-2022-40674","qid":"160189","title":"Oracle Enterprise Linux Security Update for compat-expat1 (ELSA-2022-9967)"},{"cve":"CVE-2022-40674","qid":"181073","title":"Debian Security Update for expat (DSA 5236-1)"},{"cve":"CVE-2022-40674","qid":"181130","title":"Debian Security Update for expat (DLA 3119-1)"},{"cve":"CVE-2022-40674","qid":"183854","title":"Debian Security Update for expat (CVE-2022-40674)"},{"cve":"CVE-2022-40674","qid":"199028","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5726-1)"},{"cve":"CVE-2022-40674","qid":"199034","title":"Ubuntu Security Notification for Expat Vulnerabilities (USN-5638-2)"},{"cve":"CVE-2022-40674","qid":"199586","title":"Ubuntu Security Notification for Expat Vulnerabilities (USN-5638-4)"},{"cve":"CVE-2022-40674","qid":"20320","title":"IBM DB2 Multiple Vulnerabilities (6847293)"},{"cve":"CVE-2022-40674","qid":"240714","title":"Red Hat Update for expat (RHSA-2022:6834)"},{"cve":"CVE-2022-40674","qid":"240716","title":"Red Hat Update for expat (RHSA-2022:6832)"},{"cve":"CVE-2022-40674","qid":"240717","title":"Red Hat Update for expat (RHSA-2022:6831)"},{"cve":"CVE-2022-40674","qid":"240718","title":"Red Hat Update for expat (RHSA-2022:6838)"},{"cve":"CVE-2022-40674","qid":"240721","title":"Red Hat Update for expat (RHSA-2022:6878)"},{"cve":"CVE-2022-40674","qid":"240733","title":"Red Hat Update for thunderbird (RHSA-2022:6995)"},{"cve":"CVE-2022-40674","qid":"240735","title":"Red Hat Update for thunderbird (RHSA-2022:6998)"},{"cve":"CVE-2022-40674","qid":"240739","title":"Red Hat Update for firefox (RHSA-2022:7022)"},{"cve":"CVE-2022-40674","qid":"240740","title":"Red Hat Update for firefox (RHSA-2022:7024)"},{"cve":"CVE-2022-40674","qid":"240741","title":"Red Hat Update for thunderbird (RHSA-2022:7023)"},{"cve":"CVE-2022-40674","qid":"240742","title":"Red Hat Update for firefox (RHSA-2022:7020)"},{"cve":"CVE-2022-40674","qid":"240743","title":"Red Hat Update for thunderbird (RHSA-2022:7026)"},{"cve":"CVE-2022-40674","qid":"240744","title":"Red Hat Update for thunderbird (RHSA-2022:6996)"},{"cve":"CVE-2022-40674","qid":"240745","title":"Red Hat Update for firefox (RHSA-2022:6997)"},{"cve":"CVE-2022-40674","qid":"240746","title":"Red Hat Update for firefox (RHSA-2022:7025)"},{"cve":"CVE-2022-40674","qid":"257199","title":"CentOS Security Update for expat (CESA-2022:6834)"},{"cve":"CVE-2022-40674","qid":"283180","title":"Fedora Security Update for expat (FEDORA-2022-15ec504440)"},{"cve":"CVE-2022-40674","qid":"283208","title":"Fedora Security Update for expat (FEDORA-2022-c68d90efc3)"},{"cve":"CVE-2022-40674","qid":"283259","title":"Fedora Security Update for mingw (FEDORA-2022-c22feb71ba)"},{"cve":"CVE-2022-40674","qid":"283260","title":"Fedora Security Update for mingw (FEDORA-2022-d93b3bd8b9)"},{"cve":"CVE-2022-40674","qid":"283462","title":"Fedora Security Update for mingw (FEDORA-2022-dcb1d7bcb1)"},{"cve":"CVE-2022-40674","qid":"296086","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)"},{"cve":"CVE-2022-40674","qid":"296098","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-40674","qid":"330125","title":"IBM AIX Multiple Vulnerabilities in Python (python_advisory2)"},{"cve":"CVE-2022-40674","qid":"354103","title":"Amazon Linux Security Advisory for expat : ALAS2-2022-1877"},{"cve":"CVE-2022-40674","qid":"354131","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1900"},{"cve":"CVE-2022-40674","qid":"354248","title":"Amazon Linux Security Advisory for expat : ALAS-2022-1654"},{"cve":"CVE-2022-40674","qid":"354280","title":"Amazon Linux Security Advisory for expat : ALAS2022-2022-259"},{"cve":"CVE-2022-40674","qid":"354426","title":"Amazon Linux Security Advisory for expat : ALAS-2022-259"},{"cve":"CVE-2022-40674","qid":"354528","title":"Amazon Linux Security Advisory for expat : ALAS-2022-259"},{"cve":"CVE-2022-40674","qid":"354565","title":"Amazon Linux Security Advisory for expat : ALAS-2022-259"},{"cve":"CVE-2022-40674","qid":"355281","title":"Amazon Linux Security Advisory for expat : ALAS2023-2023-058"},{"cve":"CVE-2022-40674","qid":"356274","title":"Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-010"},{"cve":"CVE-2022-40674","qid":"356488","title":"Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-010"},{"cve":"CVE-2022-40674","qid":"377621","title":"Alibaba Cloud Linux Security Update for expat (ALINUX2-SA-2022:0041)"},{"cve":"CVE-2022-40674","qid":"377714","title":"Alibaba Cloud Linux Security Update for expat (ALINUX3-SA-2022:0169)"},{"cve":"CVE-2022-40674","qid":"377731","title":"F5 BIG-IP Expat Vulnerability cve-2022-40674 (K44454157)"},{"cve":"CVE-2022-40674","qid":"377768","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2022-47)"},{"cve":"CVE-2022-40674","qid":"377882","title":"IBM Hypertext Transfer Protocol Server (HTTP Server) Remote Code Execution (RCE) Vulnerability (6827119)"},{"cve":"CVE-2022-40674","qid":"378337","title":"IBM Tivoli Monitoring Remote Code Execution (RCE) Vulnerability (6826711)"},{"cve":"CVE-2022-40674","qid":"378492","title":"Apache Open Office Multiple Vulnerabilities"},{"cve":"CVE-2022-40674","qid":"378514","title":"Alibaba Cloud Linux Security Update for mingw-expat (ALINUX3-SA-2023:0043)"},{"cve":"CVE-2022-40674","qid":"390283","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for expat (OVMSA-2023-0009)"},{"cve":"CVE-2022-40674","qid":"502508","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-40674","qid":"502509","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-40674","qid":"503917","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-40674","qid":"6140116","title":"AWS Bottlerocket Security Update for libexpat (GHSA-xvff-wcqg-jj26)"},{"cve":"CVE-2022-40674","qid":"672371","title":"EulerOS Security Update for expat (EulerOS-SA-2022-2762)"},{"cve":"CVE-2022-40674","qid":"672398","title":"EulerOS Security Update for expat (EulerOS-SA-2022-2727)"},{"cve":"CVE-2022-40674","qid":"672418","title":"EulerOS Security Update for expat (EulerOS-SA-2022-2794)"},{"cve":"CVE-2022-40674","qid":"672452","title":"EulerOS Security Update for expat (EulerOS-SA-2022-2819)"},{"cve":"CVE-2022-40674","qid":"672453","title":"EulerOS Security Update for expat (EulerOS-SA-2022-2844)"},{"cve":"CVE-2022-40674","qid":"672728","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1501)"},{"cve":"CVE-2022-40674","qid":"690945","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for expat (0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9)"},{"cve":"CVE-2022-40674","qid":"710626","title":"Gentoo Linux Expat Multiple Vulnerabilities (GLSA 202209-24)"},{"cve":"CVE-2022-40674","qid":"710686","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202211-06)"},{"cve":"CVE-2022-40674","qid":"730816","title":"Skyhigh (McAfee) Web Gateway Security Update for expat"},{"cve":"CVE-2022-40674","qid":"752638","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3466-1)"},{"cve":"CVE-2022-40674","qid":"752644","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3489-1)"},{"cve":"CVE-2022-40674","qid":"752678","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3597-1)"},{"cve":"CVE-2022-40674","qid":"87525","title":"IBM HTTP Server Remote Code Execution (RCE) Vulnerability (6827119)"},{"cve":"CVE-2022-40674","qid":"903901","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10944)"},{"cve":"CVE-2022-40674","qid":"903936","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10921)"},{"cve":"CVE-2022-40674","qid":"904045","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10921-1)"},{"cve":"CVE-2022-40674","qid":"904082","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10944-1)"},{"cve":"CVE-2022-40674","qid":"904948","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12307)"},{"cve":"CVE-2022-40674","qid":"904949","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (12414)"},{"cve":"CVE-2022-40674","qid":"905092","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (12611)"},{"cve":"CVE-2022-40674","qid":"905144","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cmake (12468)"},{"cve":"CVE-2022-40674","qid":"940659","title":"AlmaLinux Security Update for expat (ALSA-2022:6838)"},{"cve":"CVE-2022-40674","qid":"940664","title":"AlmaLinux Security Update for expat (ALSA-2022:6878)"},{"cve":"CVE-2022-40674","qid":"940687","title":"AlmaLinux Security Update for thunderbird (ALSA-2022:7023)"},{"cve":"CVE-2022-40674","qid":"940689","title":"AlmaLinux Security Update for firefox (ALSA-2022:7024)"},{"cve":"CVE-2022-40674","qid":"940696","title":"AlmaLinux Security Update for firefox (ALSA-2022:7020)"},{"cve":"CVE-2022-40674","qid":"940698","title":"AlmaLinux Security Update for thunderbird (ALSA-2022:7026)"},{"cve":"CVE-2022-40674","qid":"941071","title":"AlmaLinux Security Update for mingw-expat (ALSA-2023:3068)"},{"cve":"CVE-2022-40674","qid":"960312","title":"Rocky Linux Security Update for firefox (RLSA-2022:7024)"},{"cve":"CVE-2022-40674","qid":"960358","title":"Rocky Linux Security Update for expat (RLSA-2022:6878)"},{"cve":"CVE-2022-40674","qid":"960457","title":"Rocky Linux Security Update for thunderbird (RLSA-2022:7023)"},{"cve":"CVE-2022-40674","qid":"960516","title":"Rocky Linux Security Update for expat (RLSA-2022:6838)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-40674","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/libexpat/libexpat/pull/629","refsource":"MISC","name":"https://github.com/libexpat/libexpat/pull/629"},{"url":"https://github.com/libexpat/libexpat/pull/640","refsource":"MISC","name":"https://github.com/libexpat/libexpat/pull/640"},{"refsource":"DEBIAN","name":"DSA-5236","url":"https://www.debian.org/security/2022/dsa-5236"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220925 [SECURITY] [DLA 3119-1] expat security update","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"},{"refsource":"GENTOO","name":"GLSA-202209-24","url":"https://security.gentoo.org/glsa/202209-24"},{"refsource":"FEDORA","name":"FEDORA-2022-15ec504440","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/"},{"refsource":"FEDORA","name":"FEDORA-2022-c68d90efc3","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221028-0008/","url":"https://security.netapp.com/advisory/ntap-20221028-0008/"},{"refsource":"FEDORA","name":"FEDORA-2022-d93b3bd8b9","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/"},{"refsource":"FEDORA","name":"FEDORA-2022-c22feb71ba","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/"},{"refsource":"FEDORA","name":"FEDORA-2022-dcb1d7bcb1","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/"},{"refsource":"GENTOO","name":"GLSA-202211-06","url":"https://security.gentoo.org/glsa/202211-06"}]}},"nvd":{"publishedDate":"2022-09-14 11:15:00","lastModifiedDate":"2023-11-07 03:52:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}