Описание
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | xulrunner | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 7 | xulrunner | Will not fix | ||
| Red Hat Enterprise Linux 7 | expat | Fixed | RHSA-2022:1069 | 28.03.2022 |
| Red Hat Enterprise Linux 8 | expat | Fixed | RHSA-2022:0951 | 16.03.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | expat | Fixed | RHSA-2022:4834 | 31.05.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES.
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
EPSS
9.8 Critical
CVSS3