CVE-2022-23990: expat: integer overflow in the doProlog function
Bug #1975755 reported by Joe Slater
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| StarlingX | Fix Released | Medium | Joe Slater | |
Bug Description
CVE-2022-23990: https:/
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Description:
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Score:
cve_id status cvss2Score av ac au ai
CVE-2022-23990 fixed 7.5 N L N C
Note:
No fix on CentOS 7, so we need to convert expat to a source rpm and fix it by applying a source patch.
Severity: Critical CVE
CVE References
Changed in starlingx: | |
assignee: | nobody → Joe Slater (jslater0wind) |
information type: | Public → Public Security |
tags: | added: stx.security |
summary: |
- CVE-2022-23990 expat
+ CVE-2022-23990: expat: libexpat before 2.4.4 has an integer overflow in
+ the doProlog function |
summary: |
- CVE-2022-23990: expat: libexpat before 2.4.4 has an integer overflow in
- the doProlog function
+ CVE-2022-23990: expat: integer overflow in the doProlog function |
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.7.0 |
description: | updated |
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/integ/+/844891