Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Related bugs and status

CVE-2022-23852 (Candidate) is related to these bugs:

Bug #1969362: CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs

Summary				In	Importance	Status
	1969362	CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/lib...
CONFIRM: https://www.tenable.co...
DEBIAN: DSA-5073
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
MISC: https://www.oracle.com...
CONFIRM: https://cert-portal.si...
GENTOO: GLSA-202209-24