Comment 0 for bug 1969362

Ghada Khalil (gkhalil) wrote :

This LP tracks the following expat-related CVEs:

CVE-2021-45960: https://nvd.nist.gov/vuln/detail/CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVE-2022-22822: https://nvd.nist.gov/vuln/detail/CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22823: https://nvd.nist.gov/vuln/detail/CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22824: https://nvd.nist.gov/vuln/detail/CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-23852: https://nvd.nist.gov/vuln/detail/CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-25235: https://nvd.nist.gov/vuln/detail/CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25236: https://nvd.nist.gov/vuln/detail/CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVE-2022-25315: https://nvd.nist.gov/vuln/detail/CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Score (CVSS v2 base score and vector components: AV = access vector, AC = access complexity, Au = authentication, AI = availability impact):
CVE ID           Status  CVSS2 score  AV  AC  Au  AI
CVE-2021-45960   fixed   9.0          N   L   S   C
CVE-2022-22822   fixed   7.5          N   L   N   P
CVE-2022-22823   fixed   7.5          N   L   N   P
CVE-2022-22824   fixed   7.5          N   L   N   P
CVE-2022-23852   fixed   7.5          N   L   N   P
CVE-2022-25235   fixed   7.5          N   L   N   P
CVE-2022-25236   fixed   7.5          N   L   N   P
CVE-2022-25315   fixed   7.5          N   L   N   P

References:
https://access.redhat.com/security/cve/cve-2021-45960
https://bugzilla.redhat.com/show_bug.cgi?id=2044451
https://access.redhat.com/errata/RHSA-2022:1069
https://lists.centos.org/pipermail/centos-announce/2022-March/073580.html
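The allocation-size integer overflow shared by six of the CVEs above (storeAtts, addBinding, build_model, defineAttribute, XML_GetBuffer, storeRawNames), shown as an added C example that is not libexpat's code and not part of the Launchpad comment. It models the "left shift by 29 places" case from CVE-2021-45960 with a hypothetical 8-byte table entry and 32-bit arithmetic (uint32_t, so the wraparound is well defined in the demo, whereas the same wrap in a signed int is undefined behaviour), then the kind of pre-allocation check that refuses the oversized request instead of handing a wrapped size to realloc. The type and function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 8-byte table entry (assumption, not an expat type). Stands
 * in for any fixed-size record kept in a table that grows by doubling,
 * i.e. count = 1 << power. */
typedef struct {
    uint32_t name_id;
    uint32_t value_id;
} entry_t;

/* The unsafe pattern: compute the byte count in 32-bit arithmetic and pass
 * the result to realloc. Shown with uint32_t so the wrap is defined; only
 * meaningful for power < 32. With power = 29, count is 536870912 and
 * 536870912 * 8 = 2^32 wraps to 0, so realloc(p, 0) would free p and
 * return NULL or a zero-size block ("only freeing memory"); with a
 * different element size the result is simply too small ("allocating too
 * few bytes") and later writes run off the end of the block. */
uint32_t table_bytes_32bit(unsigned power) {
    uint32_t count = (uint32_t)1 << power;
    return count * (uint32_t)sizeof(entry_t);
}

/* The hardened pattern: check that the shift is representable in size_t
 * and that count * sizeof(entry_t) cannot wrap, before touching the
 * allocator. Returns false (and leaves *out_bytes untouched) on overflow. */
bool table_bytes_checked(unsigned power, size_t *out_bytes) {
    if (power >= sizeof(size_t) * 8 - 1)
        return false;                      /* 1 << power would not fit */
    size_t count = (size_t)1 << power;
    if (count > SIZE_MAX / sizeof(entry_t))
        return false;                      /* multiplication would wrap */
    *out_bytes = count * sizeof(entry_t);
    return true;
}

/* Grow a doubling table safely. On an unrepresentable size the function
 * returns NULL without calling realloc, so the caller still owns the old
 * table and nothing has been freed behind its back. */
entry_t *grow_table(entry_t *tab, unsigned new_power) {
    size_t bytes;
    if (!table_bytes_checked(new_power, &bytes))
        return NULL;
    return (entry_t *)realloc(tab, bytes);
}

int main(void) {
    size_t bytes = 0;
    printf("unchecked 32-bit, power 28: %u bytes\n", table_bytes_32bit(28));
    printf("unchecked 32-bit, power 29: %u bytes (wrapped)\n", table_bytes_32bit(29));
    if (table_bytes_checked(29, &bytes))
        printf("checked, power 29: %zu bytes\n", bytes);
    else
        printf("checked, power 29: rejected on this platform\n");
    entry_t *t = grow_table(NULL, 4);
    printf("grow_table(NULL, 4): %s\n", t ? "allocated" : "rejected");
    free(t);
    printf("grow_table(NULL, 200): %s\n", grow_table(NULL, 200) ? "allocated" : "rejected");
    return 0;
}
```

The checked variant's answer for power 29 depends on the width of size_t: on a 64-bit build the 4 GiB request is representable and is passed on to realloc (where it may still fail and return NULL, which the caller must handle), while on a 32-bit build it is rejected up front, which is exactly the case the unchecked version gets wrong.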