ELSA-2023-0337

Опубликовано: 24 янв. 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-0337: expat security update (MODERATE)

[2.4.9-1.1]

CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
Resolves: CVE-2022-43680

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

expat

2.4.9-1.el9_1.1

expat-devel

2.4.9-1.el9_1.1

Oracle Linux x86_64

expat

2.4.9-1.el9_1.1

expat-devel

2.4.9-1.el9_1.1

Связанные CVE

CVE-2022-43680

Ссылки на источники

Связанные уязвимости

CVE-2022-43680

CVSS3: 7.5

ubuntu

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

redhat

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

nvd

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-43680

CVSS3: 7.5

msrc

больше 2 лет назад

Описание отсутствует

CVE-2022-43680

CVSS3: 7.5

debian

больше 2 лет назад

In libexpat through 2.4.9, there is a use-after free caused by overeag ...