CVE-2022-23852

Опубликовано: 24 янв. 2022

Источник: debian

EPSS Низкий

Описание

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.4.3-2		package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

https://github.com/libexpat/libexpat/pull/550
Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4)
Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44

EPSS

Процентиль: 82%

0.01846

Низкий

CVE-2022-23852

CVSS3: 9.8

ubuntu

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-23852

CVSS3: 9.8

redhat

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-23852

CVSS3: 9.8

nvd

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-23852

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

GHSA-h83g-c7g2-6r9h

CVSS3: 9.8

github

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

EPSS

Процентиль: 82%

0.01846

Низкий