CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX | Fix Released | Medium | Joe Slater | | |
Bug Description
This LP tracks the following expat-related CVEs:
CVE-2021-45960: https:/
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2022-22822: https:/
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823: https:/
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824: https:/
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-23852: https:/
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-25235: https:/
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25236: https:/
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25315: https:/
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Score:
cve_id status cvss2Score av ac au ai
CVE-2021-45960 fixed 9 N L S C
CVE-2022-22822 fixed 7.5 N L N P
CVE-2022-22823 fixed 7.5 N L N P
CVE-2022-22824 fixed 7.5 N L N P
CVE-2022-23852 fixed 7.5 N L N P
CVE-2022-25235 fixed 7.5 N L N P
CVE-2022-25236 fixed 7.5 N L N P
CVE-2022-25315 fixed 7.5 N L N P
References:
https:/
https:/
https:/
https:/
Found during April 2022 CVE scan using vulscan
Changed in starlingx:
assignee: Yue Tao (wrytao) → Joe Slater (jslater0wind)
Screening: Marking as medium priority as this CVE meets the StarlingX fix criteria. Should be fixed in stx master and considered for cherry-pick to stx.6.0 if a maintenance release is planned.