ALT-PU-2022-1348-1
Closed vulnerabilities
Published: 2022-02-21
BDU:2022-01062
Уязвимость функции copyString библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-02-21
BDU:2022-01063
Уязвимость компонента xmltok_impl.c библиотеки Expat, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-02-21
BDU:2022-01064
Уязвимость функции build_model библиотеки Expat, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-02-21
BDU:2022-01065
Уязвимость компонента xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2022-02-21
BDU:2022-01071
Уязвимость функции storeRawNames библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-02-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/562
- https://github.com/libexpat/libexpat/pull/562
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- FEDORA-2022-04f206996b
- FEDORA-2022-04f206996b
- FEDORA-2022-3d9d67f558
- FEDORA-2022-3d9d67f558
- GLSA-202209-24
- GLSA-202209-24
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- DSA-5085
- DSA-5085
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Published: 2022-02-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/561
- https://github.com/libexpat/libexpat/pull/561
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- FEDORA-2022-04f206996b
- FEDORA-2022-04f206996b
- FEDORA-2022-3d9d67f558
- FEDORA-2022-3d9d67f558
- GLSA-202209-24
- GLSA-202209-24
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- DSA-5085
- DSA-5085
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Published: 2022-02-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/558
- https://github.com/libexpat/libexpat/pull/558
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- FEDORA-2022-04f206996b
- FEDORA-2022-04f206996b
- FEDORA-2022-3d9d67f558
- FEDORA-2022-3d9d67f558
- GLSA-202209-24
- GLSA-202209-24
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- DSA-5085
- DSA-5085
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Published: 2022-02-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/560
- https://github.com/libexpat/libexpat/pull/560
- FEDORA-2022-04f206996b
- FEDORA-2022-04f206996b
- FEDORA-2022-3d9d67f558
- FEDORA-2022-3d9d67f558
- GLSA-202209-24
- GLSA-202209-24
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- DSA-5085
- DSA-5085
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Published: 2022-02-18
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/559
- https://github.com/libexpat/libexpat/pull/559
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update
- FEDORA-2022-04f206996b
- FEDORA-2022-04f206996b
- FEDORA-2022-3d9d67f558
- FEDORA-2022-3d9d67f558
- GLSA-202209-24
- GLSA-202209-24
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- DSA-5085
- DSA-5085
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html