{"api_version":"1","generated_at":"2026-04-22T19:37:36+00:00","cve":"CVE-2022-43680","urls":{"html":"https://cve.report/CVE-2022-43680","api":"https://cve.report/api/cve/CVE-2022-43680.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-43680","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-43680"},"summary":{"title":"CVE-2022-43680","description":"In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-10-24 14:15:00","updated_at":"2024-01-21 02:08:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/","name":"FEDORA-2022-3cf0e7ebc7","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-pixman-0.42.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/","name":"FEDORA-2022-ae2559a8f4","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-pixman-0.42.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/","name":"FEDORA-2022-c43235716e","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-expat-2.5.0-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20221118-0007/","name":"https://security.netapp.com/advisory/ntap-20221118-0007/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-43680 libexpat Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/libexpat/libexpat/pull/650","name":"https://github.com/libexpat/libexpat/pull/650","refsource":"MISC","tags":[],"title":"[CVE-2022-43680] Fix overeager DTD destruction (fixes #649) by hartwork · Pull Request #650 · libexpat/libexpat · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/libexpat/libexpat/pull/616","name":"https://github.com/libexpat/libexpat/pull/616","refsource":"MISC","tags":[],"title":"Bugfixes by c01db33f · Pull Request #616 · libexpat/libexpat · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/","name":"FEDORA-2022-3cf0e7ebc7","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-pixman-0.42.2-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/","name":"FEDORA-2022-5f1e2e9016","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-expat-2.5.0-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/","name":"FEDORA-2022-f3a939e960","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-pixman-0.42.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/","name":"FEDORA-2022-5f1e2e9016","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-expat-2.5.0-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2024/01/03/5","name":"[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/","name":"FEDORA-2022-f3a939e960","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: mingw-pixman-0.42.2-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/libexpat/libexpat/issues/649","name":"https://github.com/libexpat/libexpat/issues/649","refsource":"MISC","tags":[],"title":"[CVE-2022-43680] XML_ParserFree may free parser->m_dtd memory in out-of-memory situations when it should not · Issue #649 · libexpat/libexpat · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/","name":"FEDORA-2022-c43235716e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-expat-2.5.0-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5266","name":"DSA-5266","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5266-1 expat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html","name":"[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3165-1] expat security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/","name":"FEDORA-2022-49db80f821","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-expat-2.5.0-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/","name":"FEDORA-2022-49db80f821","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: mingw-expat-2.5.0-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/","name":"FEDORA-2022-ae2559a8f4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: mingw-pixman-0.42.2-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/12/28/5","name":"[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202210-38","name":"GLSA-202210-38","refsource":"GENTOO","tags":[],"title":"Expat: Denial of Service (GLSA 202210-38) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-43680","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43680","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"2.4.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libexpat_project","cpe5":"libexpat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"hci_compute_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"hci_compute_node_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_workflow_automation","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"43680","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_\\&_hci_management_node","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-43680","qid":"160391","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2023-0103)"},{"cve":"CVE-2022-43680","qid":"160416","title":"Oracle Enterprise Linux Security Update for expat (ELSA-2023-0337)"},{"cve":"CVE-2022-43680","qid":"181170","title":"Debian Security Update for expat (DLA 3165-1)"},{"cve":"CVE-2022-43680","qid":"181180","title":"Debian Security Update for expat (DSA 5266-1)"},{"cve":"CVE-2022-43680","qid":"184467","title":"Debian Security Update for expat (CVE-2022-43680)"},{"cve":"CVE-2022-43680","qid":"199034","title":"Ubuntu Security Notification for Expat Vulnerabilities (USN-5638-2)"},{"cve":"CVE-2022-43680","qid":"199042","title":"Ubuntu Security Notification for Expat Vulnerability (USN-5638-3)"},{"cve":"CVE-2022-43680","qid":"199586","title":"Ubuntu Security Notification for Expat Vulnerabilities (USN-5638-4)"},{"cve":"CVE-2022-43680","qid":"20320","title":"IBM DB2 Multiple Vulnerabilities (6847293)"},{"cve":"CVE-2022-43680","qid":"20354","title":"Oracle Database 19c Critical Patch Update - July 2023"},{"cve":"CVE-2022-43680","qid":"20355","title":"Oracle Database 21c Critical Patch Update - July 2023"},{"cve":"CVE-2022-43680","qid":"20356","title":"Oracle Database 19c Critical OJVM Patch Update - July 2023"},{"cve":"CVE-2022-43680","qid":"241059","title":"Red Hat Update for expat (RHSA-2023:0103)"},{"cve":"CVE-2022-43680","qid":"241098","title":"Red Hat Update for expat (RHSA-2023:0337)"},{"cve":"CVE-2022-43680","qid":"242758","title":"Red Hat Update for expat (RHSA-2024:0421)"},{"cve":"CVE-2022-43680","qid":"283309","title":"Fedora Security Update for mingw (FEDORA-2022-49db80f821)"},{"cve":"CVE-2022-43680","qid":"283310","title":"Fedora Security Update for mingw (FEDORA-2022-c43235716e)"},{"cve":"CVE-2022-43680","qid":"283311","title":"Fedora Security Update for mingw (FEDORA-2022-3cf0e7ebc7)"},{"cve":"CVE-2022-43680","qid":"283312","title":"Fedora Security Update for mingw (FEDORA-2022-ae2559a8f4)"},{"cve":"CVE-2022-43680","qid":"283436","title":"Fedora Security Update for mingw (FEDORA-2022-5f1e2e9016)"},{"cve":"CVE-2022-43680","qid":"283437","title":"Fedora Security Update for mingw (FEDORA-2022-f3a939e960)"},{"cve":"CVE-2022-43680","qid":"330126","title":"IBM AIX Denial of Service (DoS) due to Python (python_advisory3)"},{"cve":"CVE-2022-43680","qid":"354129","title":"Amazon Linux Security Advisory for expat : ALAS2-2022-1885"},{"cve":"CVE-2022-43680","qid":"354260","title":"Amazon Linux Security Advisory for expat : ALAS-2022-1655"},{"cve":"CVE-2022-43680","qid":"354507","title":"Amazon Linux Security Advisory for expat : ALAS2022-2022-261"},{"cve":"CVE-2022-43680","qid":"354533","title":"Amazon Linux Security Advisory for expat : ALAS-2022-261"},{"cve":"CVE-2022-43680","qid":"355053","title":"Amazon Linux Security Advisory for expat : AL2012-2022-377"},{"cve":"CVE-2022-43680","qid":"355281","title":"Amazon Linux Security Advisory for expat : ALAS2023-2023-058"},{"cve":"CVE-2022-43680","qid":"377955","title":"Alibaba Cloud Linux Security Update for expat (ALINUX3-SA-2023:0012)"},{"cve":"CVE-2022-43680","qid":"378374","title":"IBM Hypertext Transfer Protocol (HTTP) Server Denial of Service (DoS) Vulnerabilty (6839161)"},{"cve":"CVE-2022-43680","qid":"378599","title":"Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)"},{"cve":"CVE-2022-43680","qid":"378677","title":"Oracle Hypertext Transfer Protocol Server (HTTP Server) Server Multiple Vulnerabilities (CPUJUL2023)"},{"cve":"CVE-2022-43680","qid":"502571","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-43680","qid":"502572","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-43680","qid":"503918","title":"Alpine Linux Security Update for expat"},{"cve":"CVE-2022-43680","qid":"610466","title":"Google Android Devices February 2023 Security Patch Missing"},{"cve":"CVE-2022-43680","qid":"610467","title":"Google Android February 2023 Security Patch Missing for Samsung"},{"cve":"CVE-2022-43680","qid":"610473","title":"Google Android March 2023 Security Patch Missing for Huawei EMUI"},{"cve":"CVE-2022-43680","qid":"6140074","title":"AWS Bottlerocket Security Update for libexpat (GHSA-fwxw-x96j-mxgm)"},{"cve":"CVE-2022-43680","qid":"672475","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1008)"},{"cve":"CVE-2022-43680","qid":"672520","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1033)"},{"cve":"CVE-2022-43680","qid":"672566","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1122)"},{"cve":"CVE-2022-43680","qid":"672569","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1098)"},{"cve":"CVE-2022-43680","qid":"672596","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1311)"},{"cve":"CVE-2022-43680","qid":"672660","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1355)"},{"cve":"CVE-2022-43680","qid":"672663","title":"EulerOS Security Update for expat (EulerOS-SA-2023-1383)"},{"cve":"CVE-2022-43680","qid":"710677","title":"Gentoo Linux Expat Denial of Service Vulnerability (GLSA 202210-38)"},{"cve":"CVE-2022-43680","qid":"752762","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3874-1)"},{"cve":"CVE-2022-43680","qid":"752766","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3884-1)"},{"cve":"CVE-2022-43680","qid":"752775","title":"SUSE Enterprise Linux Security Update for expat (SUSE-SU-2022:3912-1)"},{"cve":"CVE-2022-43680","qid":"904340","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11329)"},{"cve":"CVE-2022-43680","qid":"904347","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11316)"},{"cve":"CVE-2022-43680","qid":"904370","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11329-1)"},{"cve":"CVE-2022-43680","qid":"904419","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11316-1)"},{"cve":"CVE-2022-43680","qid":"940880","title":"AlmaLinux Security Update for expat (ALSA-2023:0103)"},{"cve":"CVE-2022-43680","qid":"940896","title":"AlmaLinux Security Update for expat (ALSA-2023:0337)"},{"cve":"CVE-2022-43680","qid":"960520","title":"Rocky Linux Security Update for expat (RLSA-2023:0337)"},{"cve":"CVE-2022-43680","qid":"960621","title":"Rocky Linux Security Update for expat (RLSA-2023:0103)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-43680","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/libexpat/libexpat/pull/650","refsource":"MISC","name":"https://github.com/libexpat/libexpat/pull/650"},{"url":"https://github.com/libexpat/libexpat/issues/649","refsource":"MISC","name":"https://github.com/libexpat/libexpat/issues/649"},{"url":"https://github.com/libexpat/libexpat/pull/616","refsource":"MISC","name":"https://github.com/libexpat/libexpat/pull/616"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html"},{"refsource":"DEBIAN","name":"DSA-5266","url":"https://www.debian.org/security/2022/dsa-5266"},{"refsource":"GENTOO","name":"GLSA-202210-38","url":"https://security.gentoo.org/glsa/202210-38"},{"refsource":"FEDORA","name":"FEDORA-2022-ae2559a8f4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/"},{"refsource":"FEDORA","name":"FEDORA-2022-3cf0e7ebc7","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/"},{"refsource":"FEDORA","name":"FEDORA-2022-f3a939e960","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/"},{"refsource":"FEDORA","name":"FEDORA-2022-5f1e2e9016","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/"},{"refsource":"FEDORA","name":"FEDORA-2022-49db80f821","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/"},{"refsource":"FEDORA","name":"FEDORA-2022-c43235716e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221118-0007/","url":"https://security.netapp.com/advisory/ntap-20221118-0007/"}]}},"nvd":{"publishedDate":"2022-10-24 14:15:00","lastModifiedDate":"2024-01-21 02:08:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}