var-202202-0050
Vulnerability from variot

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2 Advisory ID: RHSA-2022:1053-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:1053 Issue date: 2022-03-24 CVE Names: CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

  1. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

  • expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)

  • expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)

  • expat: Integer overflow in storeRawNames() (CVE-2022-25315)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux 8.5.0.3. (BZ#2048407)

  • Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

  1. Bugs fixed (https://bugzilla.redhat.com/):

2034626 - Upgrade elfutils to elfutils-0.185-1.el8 2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2057048 - consume libvirt fix for: Failed to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by Too many open files from libvirtd

  1. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source: elfutils-0.185-1.el8.src.rpm redhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm

x86_64: elfutils-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-0.185-1.el8.x86_64.rpm elfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm elfutils-debugsource-0.185-1.el8.x86_64.rpm elfutils-devel-0.185-1.el8.x86_64.rpm elfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm elfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm redhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source: redhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm

noarch: redhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm

x86_64: redhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm redhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYjyObtzjgjWX9erEAQgVfRAAkn+C8psWL5puBda6ty9qD6KjY6BMGqH+ us3YStx9Dk/frDv1eRHtQd0pNNPfNNvah3Y/OraXEbX8DfiMczGL/3ESHXnlNl8b l0BE08QeJig4Q2WIOwcGyyB4jIepDt+bilDKSck+f84UN+mgk/Iqn8XvKE8WnRwk TebToONC7hwnSjdHt1XlF6pEqpAo5XOpwCfzpGNmVWvt3Ddgas2EE6eUkFNaKOBN UFe1ZTyvSgZpmr4Kxx7AoF3+CnnEJb8lCrRG71cVsPLHBAiwcEMOQN8yfCqj30il DhCWhchX7OcVwJBhOLUR87SheaUxhfLJAaieyW4gisbot5KbWZgM0GTt0Lr2/z7G CLuFzXwFZGjsljH7iXRjdDt/8D7CThMTF+6jkkW+jJuVYFyCh12OTAmSd9LJ8xB4 jfvj3ow7Gmrzn9QN67DcqTQ+DHWEvUScy8qfs0lAz1XatPi2tf2dNO/IxSdz/bV3 /mBkMOYbYPgSeT/6i7m2pp+3iXq6QZfAFIvVaqolVWZOuBbX8cU+XOUcrQvT+L5Y NNlrSJvxZ4VVaaHbqudizFYvkni12V8tQe7uPsNpTJi3iTc8ShtoTtGTiUPE7mff fhB9jEGy0yuIEg0VlokjRCEo5Q3D5xfPPQZeTOEiAciksQJn6PhjR9MuaxtXEYqq +Ej7k5UtzjI=TqDc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:

Expat is a C library for parsing XML documents. 8.1) - ppc64le, x86_64

  1. 8.2) - aarch64, ppc64le, s390x, x86_64

  2. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.7.0 ESR. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24


                                       https://security.gentoo.org/

Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24


Synopsis

Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/expat < 2.4.9 >= 2.4.9

Description

Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Expat users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"

References

[ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-24

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0050",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.3.0"
      },
      {
        "model": "libexpat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libexpat",
        "version": "2.4.5"
      },
      {
        "model": "sinema remote connect server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.1.4.0"
      },
      {
        "model": "zfs storage appliance kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.8"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.4.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2022-25235",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-415126",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-25235",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-415126",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat Virtualization Host security and enhancement update [ovirt-4.4.10] Async #2\nAdvisory ID:       RHSA-2022:1053-01\nProduct:           Red Hat Virtualization\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1053\nIssue date:        2022-03-24\nCVE Names:         CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for redhat-release-virtualization-host and\nredhat-virtualization-host is now available for Red Hat Virtualization 4\nfor Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Red Hat Virtualization Host was rebased on Red Hat Enterprise Linux\n8.5.0.3. (BZ#2048407)\n\n* Rebase package(s) to version:\nlibvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40\nHighlights and important bug fixes: consume libvirt fix for failure to\nconnect socket to \u0027/run/libvirt/virtlogd-sock\u0027 - possibly caused by too\nmany open files from libvirtd. (BZ#2057048)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2034626 - Upgrade elfutils to elfutils-0.185-1.el8\n2048407 - Rebase RHV-H 4.4.10 on RHEL 8.5.0.3\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n2057048 - consume libvirt fix for: Failed to connect socket to \u0027/run/libvirt/virtlogd-sock\u0027 - possibly caused by Too many open files from libvirtd\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 8:\n\nSource:\nelfutils-0.185-1.el8.src.rpm\nredhat-virtualization-host-4.4.10-202203211649_8.5.src.rpm\n\nx86_64:\nelfutils-debuginfo-0.185-1.el8.x86_64.rpm\nelfutils-debuginfod-client-0.185-1.el8.x86_64.rpm\nelfutils-debuginfod-client-debuginfo-0.185-1.el8.x86_64.rpm\nelfutils-debuginfod-debuginfo-0.185-1.el8.x86_64.rpm\nelfutils-debugsource-0.185-1.el8.x86_64.rpm\nelfutils-devel-0.185-1.el8.x86_64.rpm\nelfutils-libelf-debuginfo-0.185-1.el8.x86_64.rpm\nelfutils-libs-debuginfo-0.185-1.el8.x86_64.rpm\nredhat-virtualization-host-image-update-4.4.10-202203211649_8.5.x86_64.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nredhat-release-virtualization-host-4.4.10-3.el8ev.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-placeholder-4.4.10-3.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.10-3.el8ev.x86_64.rpm\nredhat-release-virtualization-host-content-4.4.10-3.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYjyObtzjgjWX9erEAQgVfRAAkn+C8psWL5puBda6ty9qD6KjY6BMGqH+\nus3YStx9Dk/frDv1eRHtQd0pNNPfNNvah3Y/OraXEbX8DfiMczGL/3ESHXnlNl8b\nl0BE08QeJig4Q2WIOwcGyyB4jIepDt+bilDKSck+f84UN+mgk/Iqn8XvKE8WnRwk\nTebToONC7hwnSjdHt1XlF6pEqpAo5XOpwCfzpGNmVWvt3Ddgas2EE6eUkFNaKOBN\nUFe1ZTyvSgZpmr4Kxx7AoF3+CnnEJb8lCrRG71cVsPLHBAiwcEMOQN8yfCqj30il\nDhCWhchX7OcVwJBhOLUR87SheaUxhfLJAaieyW4gisbot5KbWZgM0GTt0Lr2/z7G\nCLuFzXwFZGjsljH7iXRjdDt/8D7CThMTF+6jkkW+jJuVYFyCh12OTAmSd9LJ8xB4\njfvj3ow7Gmrzn9QN67DcqTQ+DHWEvUScy8qfs0lAz1XatPi2tf2dNO/IxSdz/bV3\n/mBkMOYbYPgSeT/6i7m2pp+3iXq6QZfAFIvVaqolVWZOuBbX8cU+XOUcrQvT+L5Y\nNNlrSJvxZ4VVaaHbqudizFYvkni12V8tQe7uPsNpTJi3iTc8ShtoTtGTiUPE7mff\nfhB9jEGy0yuIEg0VlokjRCEo5Q3D5xfPPQZeTOEiAciksQJn6PhjR9MuaxtXEYqq\n+Ej7k5UtzjI=TqDc\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nExpat is a C library for parsing XML documents. 8.1) - ppc64le, x86_64\n\n3. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 91.7.0 ESR. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Expat: Multiple Vulnerabilities\n     Date: September 29, 2022\n     Bugs: #791703, #830422, #831918, #833431, #870097\n       ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/expat             \u003c 2.4.9                      \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n      https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n      https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n      https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n      https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n      https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n      https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      },
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "168578"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-25235",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-484086",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2022/02/19/1",
        "trust": 1.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166277",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166276",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166453",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166348",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166275",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "168578",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166274",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "166293",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166433",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166505",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166500",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166296",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "167008",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166496",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166983",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166954",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166298",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166261",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169777",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166437",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166414",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "166300",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18356",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-415126",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169540",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169541",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "168578"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "id": "VAR-202202-0050",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:51:28.738000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-116",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202209-24"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
      },
      {
        "trust": 1.1,
        "url": "https://www.debian.org/security/2022/dsa-5085"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/libexpat/libexpat/pull/562"
      },
      {
        "trust": 1.1,
        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-25235"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-25315"
      },
      {
        "trust": 0.8,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2022-25236"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26485"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26386"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26387"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26384"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26383"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26486"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-26381"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-46143"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22827"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22825"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22824"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-23852"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22826"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22822"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2022-22823"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-45960"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-41524"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-23990"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2022-25314"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-44224"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-39275"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
      },
      {
        "trust": 0.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:1053"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0818"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0815"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:0817"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7144"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:7143"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "168578"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "168578"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-02-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "date": "2022-03-25T15:19:32",
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "date": "2022-03-17T15:51:32",
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "date": "2022-03-11T16:37:50",
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "date": "2022-03-11T16:37:42",
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "date": "2022-03-11T16:37:32",
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "date": "2022-03-11T16:37:24",
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "date": "2022-09-30T14:56:43",
        "db": "PACKETSTORM",
        "id": "168578"
      },
      {
        "date": "2022-10-27T13:05:19",
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "date": "2022-10-27T13:05:26",
        "db": "PACKETSTORM",
        "id": "169541"
      },
      {
        "date": "2022-02-16T01:15:07.607000",
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415126"
      },
      {
        "date": "2023-11-07T03:44:44.940000",
        "db": "NVD",
        "id": "CVE-2022-25235"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2022-1053-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166453"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow, code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166453"
      },
      {
        "db": "PACKETSTORM",
        "id": "166348"
      },
      {
        "db": "PACKETSTORM",
        "id": "166277"
      },
      {
        "db": "PACKETSTORM",
        "id": "166276"
      },
      {
        "db": "PACKETSTORM",
        "id": "166275"
      },
      {
        "db": "PACKETSTORM",
        "id": "166274"
      },
      {
        "db": "PACKETSTORM",
        "id": "169540"
      },
      {
        "db": "PACKETSTORM",
        "id": "169541"
      }
    ],
    "trust": 0.8
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.