CVE-2022-25235

Опубликовано: 16 фев. 2022

Источник: debian

EPSS Средний

Описание

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.4.5-1		package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

Примечания

https://github.com/libexpat/libexpat/pull/562
https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379

EPSS

Процентиль: 94%

0.13043

Средний

Связанные уязвимости

CVE-2022-25235

CVSS3: 9.8

ubuntu

больше 3 лет назад

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25235

CVSS3: 9.8

redhat

больше 3 лет назад

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25235

CVSS3: 9.8

nvd

больше 3 лет назад

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2022-25235

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

GHSA-8mw4-grgw-m3fp

CVSS3: 9.8

github

больше 3 лет назад

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

EPSS

Процентиль: 94%

0.13043

Средний