ALT-PU-2022-4245-1

BDU:2022-01065

MEDIUM5.3

Уязвимость компонента xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2022-03-04Изменено: 2025-09-05

CVSS 3.xСРЕДНЯЯ 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

Ссылки

CVE-2022-25236

CVE-2022-25236

CRITICAL9.8

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Опубликовано: 2022-02-16Изменено: 2025-05-05

CVSS 2.0ВЫСОКАЯ 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xКРИТИЧЕСКАЯ 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Ссылки

http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://github.com/libexpat/libexpat/pull/561
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.gentoo.org/glsa/202209-24
https://security.netapp.com/advisory/ntap-20220303-0008/
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html
http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
http://www.openwall.com/lists/oss-security/2022/02/19/1
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://github.com/libexpat/libexpat/pull/561
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.gentoo.org/glsa/202209-24
https://security.netapp.com/advisory/ntap-20220303-0008/
https://www.debian.org/security/2022/dsa-5085
https://www.oracle.com/security-alerts/cpuapr2022.html

Обновление пакета expat в ветке sisyphus_riscv64

Закрытые проблемы (2)

Уязвимость компонента xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.