[Debian] CVE: CVE-2022-43680: libexpat: XML_ExternalEntityParserCreate in out-of-memory
Bug #1997194 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Yue Tao |
Bug Description
CVE-2022-43680: [https:/
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEnt
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-43680 fixed 7.5 N L N N H
References:
https:/
['libexpat1_
Found during October 2022 CVE scan using vulscan
CVE References
Changed in starlingx: | |
assignee: | nobody → Yue Tao (wrytao) |
importance: | Undecided → Medium |
status: | New → Confirmed |
tags: | added: stx.security |
tags: | added: stx.8.0 |
Changed in starlingx: | |
status: | Confirmed → Triaged |
information type: | Public → Public Security |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/864822
Review: https:/