exploitDog

CVE-2022-23990

Опубликовано: 26 янв. 2022

Источник: debian

Описание

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.4.3-3		package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

Примечания

https://github.com/libexpat/libexpat/pull/551
Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)

Связанные уязвимости

CVE-2022-23990

CVSS3: 7.5

ubuntu

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990

CVSS3: 6.5

redhat

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990

CVSS3: 7.5

nvd

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

GHSA-r3g2-gw56-v728

CVSS3: 9.8

github

больше 3 лет назад

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

ELSA-2022-9232

oracle-oval

больше 3 лет назад

ELSA-2022-9232: expat security update (IMPORTANT)