CVE-2022-23990

Опубликовано: 26 янв. 2022

Источник: debian

EPSS Низкий

Описание

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.4.3-3		package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

https://github.com/libexpat/libexpat/pull/551
Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)

EPSS

Процентиль: 88%

0.04361

Низкий

CVE-2022-23990

CVSS3: 7.5

ubuntu

почти 4 года назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990

CVSS3: 6.5

redhat

почти 4 года назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990

CVSS3: 7.5

nvd

почти 4 года назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990

CVSS3: 7.5

msrc

почти 4 года назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

GHSA-r3g2-gw56-v728

CVSS3: 9.8

github

почти 4 года назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

EPSS

Процентиль: 88%

0.04361

Низкий