CVE-2022-43680

Опубликовано: 24 окт. 2022

Источник: debian

EPSS Низкий

Описание

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.5.0-1		package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

Примечания

https://github.com/libexpat/libexpat/issues/649
https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650
Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0)
Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0)

EPSS

Процентиль: 48%

0.00244

Низкий

Связанные уязвимости

CVE-2022-43680

CVSS3: 7.5

ubuntu

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

redhat

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

nvd

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

msrc

больше 2 лет назад

Описание отсутствует

SUSE-SU-2022:3912-1

suse-cvrf

больше 2 лет назад

Security update for expat

EPSS

Процентиль: 48%

0.00244

Низкий