wid-sec-w-2023-2639
Vulnerability from csaf_certbund
Published
2023-10-12 22:00
Modified
2023-10-12 22:00
Summary
Hitachi Energy AFS: Multiple Vulnerabilities
Notes
As the provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
ABB FOX Switch (AFS) is a product family of industrial Ethernet switches for applications in utility companies.
Attack
An attacker can exploit multiple vulnerabilities in Hitachi Energy AFS to execute arbitrary code, cause a denial-of-service condition, or disclose confidential information.
Affected operating systems
- BIOS/Firmware
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "ABB FOX Switch (AFS) ist eine Produktfamilie von industriellen Ethernet-Switches für Anwendungen in Versorgungsunternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Hitachi Energy AFS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- BIOS/Firmware", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2639 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2639.json", }, { category: "self", summary: "WID-SEC-2023-2639 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2639", }, { category: "external", summary: "Hitachi Energy Security Advisory 8DBD000165 vom 2023-10-12", url: "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000165&DocumentRevisionId=B&languageCode=en&Preview=true", }, ], source_lang: "en-US", title: "Hitachi Energy AFS: Mehrere Schwachstellen", tracking: { current_release_date: "2023-10-12T22:00:00.000+00:00", generator: { date: 
"2024-08-15T17:59:50.346+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2639", initial_release_date: "2023-10-12T22:00:00.000+00:00", revision_history: [ { date: "2023-10-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Hitachi Energy AFS", product: { name: "Hitachi Energy AFS", product_id: "T030491", product_identification_helper: { cpe: "cpe:/h:abb:afs:-", }, }, }, ], category: "vendor", name: "Hitachi Energy", }, ], }, vulnerabilities: [ { cve: "CVE-2022-25315", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-25315", }, { cve: "CVE-2022-25314", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-25314", }, { cve: "CVE-2022-25236", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-25236", }, { cve: "CVE-2022-25235", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-25235", }, { cve: "CVE-2022-23990", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-23990", }, { cve: "CVE-2022-23852", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-23852", }, { cve: "CVE-2022-22827", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22827", }, { cve: "CVE-2022-22826", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22826", }, { cve: "CVE-2022-22825", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22825", }, { cve: "CVE-2022-22824", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22824", }, { cve: "CVE-2022-22823", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22823", }, { cve: "CVE-2022-22822", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2022-22822", }, { cve: "CVE-2021-46143", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2021-46143", }, { cve: "CVE-2021-45960", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Hitachi Energy AFS und anderen OT-Produkten des Herstellers. Diese Fehler bestehen in den Komponenten \"libexpat\" und \"SynaMan\" aufgrund mehrerer Fehler in der Speicherverwaltung (z. B. Integer-Überlauf) und unzureichender Eingabeprüfungen. 
Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T030491", ], }, release_date: "2023-10-12T22:00:00.000+00:00", title: "CVE-2021-45960", }, ], }
cve-2022-22824
Vulnerability from cvelistv5
Published
2022-01-08 02:56
Modified
2024-08-03 03:28
Summary
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
URL | Tags
---|---
https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST
https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO
cve-2022-25235
Vulnerability from cvelistv5
Published
2022-02-16 00:40
Modified
2024-08-03 04:36
Summary
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
References
URL | Tags
---|---
https://github.com/libexpat/libexpat/pull/562 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/02/19/1 | mailing-list, x_refsource_MLIST
https://www.debian.org/security/2022/dsa-5085 | vendor-advisory, x_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ | vendor-advisory, x_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html | mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220303-0008/ | x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO
cve-2021-45960
Vulnerability from cvelistv5
Published
2022-01-01 18:47
Modified
2024-08-04 04:54
Summary
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
References
URL | Tags
---|---
https://github.com/libexpat/libexpat/issues/531 | x_refsource_MISC
https://github.com/libexpat/libexpat/pull/534 | x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20220121-0004/ | x_refsource_CONFIRM
https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO
cve-2022-22825
Vulnerability from cvelistv5
Published
2022-01-08 02:56
Modified
2024-08-03 03:28
Summary
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:42.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:06:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: 
"https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-22825", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/539", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { name: "https://www.tenable.com/security/tns-2022-05", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-22825", datePublished: "2022-01-08T02:56:48", dateReserved: "2022-01-08T00:00:00", dateUpdated: "2024-08-03T03:28:42.447Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23852
Vulnerability from cvelistv5
Published
2022-01-24 01:06
Modified
2024-08-03 03:51
Summary
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
References
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/pull/550 | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html | mailing-list, x_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20220217-0001/ | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:46.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/550", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220217-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/550", }, { name: "DSA-5073", tags: [ "vendor-advisory", 
"x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2022-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220217-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-23852", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/550", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/550", }, { name: "DSA-5073", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { name: 
"https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.tenable.com/security/tns-2022-05", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2022-05", }, { name: "https://security.netapp.com/advisory/ntap-20220217-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220217-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-23852", datePublished: "2022-01-24T01:06:50", dateReserved: "2022-01-24T00:00:00", dateUpdated: "2024-08-03T03:51:46.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46143
Vulnerability from cvelistv5
Published
2022-01-06 03:48
Modified
2024-08-04 05:02
Summary
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
References
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/issues/532 | x_refsource_MISC |
| https://github.com/libexpat/libexpat/pull/538 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-20220121-0006/ | x_refsource_CONFIRM |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:02:11.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/issues/532", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/538", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220121-0006/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", 
}, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/issues/532", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/538", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220121-0006/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-46143", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { 
lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/issues/532", refsource: "MISC", url: "https://github.com/libexpat/libexpat/issues/532", }, { name: "https://github.com/libexpat/libexpat/pull/538", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/538", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { name: "https://security.netapp.com/advisory/ntap-20220121-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220121-0006/", }, { name: "https://www.tenable.com/security/tns-2022-05", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46143", datePublished: "2022-01-06T03:48:26", dateReserved: "2022-01-06T00:00:00", dateUpdated: "2024-08-04T05:02:11.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22826
Vulnerability from cvelistv5
Published
2022-01-08 02:56
Modified
2024-08-03 03:28
Summary
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:42.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", tags: [ "vendor-advisory", "x_refsource_DEBIAN", 
], url: "https://www.debian.org/security/2022/dsa-5073", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-22826", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/539", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/539", }, { name: "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/01/17/3", }, { name: "https://www.tenable.com/security/tns-2022-05", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2022-05", }, { name: "DSA-5073", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5073", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-22826", datePublished: "2022-01-08T02:56:39", dateReserved: "2022-01-08T00:00:00", dateUpdated: 
"2024-08-03T03:28:42.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25236
Vulnerability from cvelistv5
Published
2022-02-16 00:39
Modified
2024-08-03 04:36
Summary
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: 
"https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_MISC", ], url: 
"http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25236", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/561", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", refsource: "MLIST", url: 
"https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { name: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25236", datePublished: "2022-02-16T00:39:16", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23990
Vulnerability from cvelistv5
Published
2022-01-26 18:02
Modified
2024-08-03 03:59
Summary
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
References
| URL | Tags |
|---|---|
| https://github.com/libexpat/libexpat/pull/551 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/ | vendor-advisory, x_refsource_FEDORA |
| https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
cve-2022-25314
Vulnerability from cvelistv5
Published
2022-02-18 04:25
Modified
2024-08-03 04:36
Summary
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
References
URL | Tags |
---|---|
https://github.com/libexpat/libexpat/pull/560 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/02/19/1 | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5085 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ | vendor-advisory, x_refsource_FEDORA | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220303-0008/ | x_refsource_CONFIRM | |
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
cve-2022-22827
Vulnerability from cvelistv5
Published
2022-01-08 02:56
Modified
2024-08-03 03:28
Summary
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
URL | Tags |
---|---|
https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST | |
https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN | |
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
cve-2022-22822
Vulnerability from cvelistv5
Published
2022-01-08 02:57
Modified
2024-08-03 03:21
Summary
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
URL | Tags |
---|---|
https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST | |
https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN | |
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
cve-2022-25315
Vulnerability from cvelistv5
Published
2022-02-18 04:24
Modified
2024-08-03 04:36
Summary
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
References
URL | Tags |
---|---|
https://github.com/libexpat/libexpat/pull/559 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/02/19/1 | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5085 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220303-0008/ | x_refsource_CONFIRM | |
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
cve-2022-22823
Vulnerability from cvelistv5
Published
2022-01-08 02:57
Modified
2024-08-03 03:21
Summary
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
URL | Tags |
---|---|
https://github.com/libexpat/libexpat/pull/539 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/17/3 | mailing-list, x_refsource_MLIST | |
https://www.tenable.com/security/tns-2022-05 | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5073 | vendor-advisory, x_refsource_DEBIAN | |
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.