variot - var-202201-0326

var-202201-0326

Vulnerability from variot

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability is caused by a boundary error when defineAttribute in xmlparse.c handles untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):

2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation

Description:

Expat is a C library for parsing XML documents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary:

An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

Description:

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source: xmlrpc-c-1.51.0-8.el8.src.rpm

aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm

ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm

s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm

x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm

ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm

s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm

x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0326",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nessus",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "10.0.0"
      },
      {
        "model": "sinema remote connect server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "libexpat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libexpat",
        "version": "2.4.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "nessus",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "8.15.3"
      },
      {
        "model": "nessus",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "tenable",
        "version": "10.1.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.15.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.1.1",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens notified CISA of these vulnerabilities.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-22824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-411550",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-22824",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22824",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202201-639",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-411550",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22824",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability is caused by a boundary error when defineAttribute in xmlparse.c handles untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. Description:\n\nExpat is a C library for parsing XML documents. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: xmlrpc-c security update\nAdvisory ID:       RHSA-2022:7692-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:7692\nIssue date:        2022-11-08\nCVE Names:         CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n                   CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n                   CVE-2022-22827\n====================================================================\n1. Summary:\n\nAn update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nXML-RPC is a remote procedure call (RPC) protocol that uses XML to encode\nits calls and HTTP as a transport mechanism. The xmlrpc-c packages provide\na network protocol to allow a client program to make a simple RPC (remote\nprocedure call) over the Internet. It converts an RPC into an XML document,\nsends it to a remote server using HTTP, and gets back the response in XML. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nxmlrpc-c-1.51.0-8.el8.src.rpm\n\naarch64:\nxmlrpc-c-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-1.51.0-8.el8.i686.rpm\nxmlrpc-c-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm\n\nppc64le:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm\nxmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm\n\ns390x:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm\nxmlrpc-c-devel-1.51.0-8.el8.s390x.rpm\n\nx86_64:\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm\nxmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm\nxmlrpc-c-devel-1.51.0-8.el8.i686.rpm\nxmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5\nVot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG\nLF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5\nK/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU\nJOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8\n0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd\nIlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ\nXaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI\nnv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y\nqKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7\nuOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S\nZzcPNNMPHw0=wFwS\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      },
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22824",
        "trust": 2.3
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/01/17/3",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-484086",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TNS-2022-05",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169788",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166348",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "169541",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167008",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166496",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166976",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166437",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "168578",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "166516",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072065",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022072710",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032843",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070734",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022041954",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032013",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022011713",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022031627",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022022416",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070605",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022020902",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022021418",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022033002",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022032445",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042116",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-167-17",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166088",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0626",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.4174",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1154",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1677",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.1263",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2171",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3299",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.5666",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0369",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0749",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "166431",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "169540",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166433",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-04541",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-411550",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22824",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "id": "VAR-202201-0326",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:54:41.494000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat: CVE-2022-22824",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-22824"
      },
      {
        "title": "Red Hat: Important: expat security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220951 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1730aaeace15912feb07b96b49c44c9a"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2022-1603",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1603"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221039 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2022-1809",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1809"
      },
      {
        "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221734 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221041 - security advisory"
      },
      {
        "title": "Red Hat: Low: Release of OpenShift Serverless  Version 1.22.0",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221747 - security advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221042 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221083 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221476 - security advisory"
      },
      {
        "title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2022-05"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-017"
      },
      {
        "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221396 - security advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
      },
      {
        "title": "myapp-container-jaxrs",
        "trust": 0.1,
        "url": "https://github.com/akiraabe/myapp-container-jaxrs "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-190",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/tns-2022-05"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2022/dsa-5073"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/202209-24"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/libexpat/libexpat/pull/539"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2171"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166088/ubuntu-security-notice-usn-5288-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22824"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22823"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22822"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22827"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
      },
      {
        "trust": 0.5,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2021-46143"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22825"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2022-22826"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25315"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-23852"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25235"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-45960"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-25236"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41524"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-44224"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-39275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25709"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-24730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-1025"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0413"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-0359"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0951"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7692"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7143"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "date": "2022-03-24T14:34:35",
        "db": "PACKETSTORM",
        "id": "166431"
      },
      {
        "date": "2022-03-17T15:51:32",
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "date": "2022-11-08T13:52:57",
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "date": "2022-10-27T13:05:19",
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "date": "2022-10-27T13:05:26",
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "date": "2022-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "date": "2022-01-10T14:12:56.567000",
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-411550"
      },
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22824"
      },
      {
        "date": "2022-11-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      },
      {
        "date": "2022-10-06T14:47:33.437000",
        "db": "NVD",
        "id": "CVE-2022-22824"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Expat Input validation error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202201-639"
      }
    ],
    "trust": 0.6
  }
}

cve-2022-22824

Vulnerability from cvelistv5

Published

2022-01-08 02:56

Modified

2024-08-03 03:28

Severity ?

Summary

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

References

▼	URL	Tags
	https://github.com/libexpat/libexpat/pull/539	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/01/17/3	mailing-list, x_refsource_MLIST
	https://www.tenable.com/security/tns-2022-05	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5073	vendor-advisory, x_refsource_DEBIAN
	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-24	vendor-advisory, x_refsource_GENTOO

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website