ALT-PU-2022-7414-1
Closed vulnerabilities
Published: 2022-10-24
BDU:2023-02688
Уязвимость функции XML_ExternalEntityParserCreate библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-10-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- [oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- [oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
- https://github.com/libexpat/libexpat/issues/649
- https://github.com/libexpat/libexpat/issues/649
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/pull/650
- https://github.com/libexpat/libexpat/pull/650
- [debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update
- [debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-3cf0e7ebc7
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-ae2559a8f4
- FEDORA-2022-49db80f821
- FEDORA-2022-49db80f821
- FEDORA-2022-c43235716e
- FEDORA-2022-c43235716e
- FEDORA-2022-f3a939e960
- FEDORA-2022-f3a939e960
- FEDORA-2022-5f1e2e9016
- FEDORA-2022-5f1e2e9016
- GLSA-202210-38
- GLSA-202210-38
- https://security.netapp.com/advisory/ntap-20221118-0007/
- https://security.netapp.com/advisory/ntap-20221118-0007/
- DSA-5266
- DSA-5266