Описание
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.
Отчет
This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw. The xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.
Меры по смягчению последствий
There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | firefox:flatpak/firefox | Affected | ||
| Red Hat Enterprise Linux 8 | thunderbird:flatpak/thunderbird | Affected | ||
| Red Hat Enterprise Linux 8 | xmlrpc-c | Not affected | ||
| Red Hat Enterprise Linux 9 | expat | Not affected | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected | ||
| Red Hat Enterprise Linux 9 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 9 | xmlrpc-c | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | expat | Fixed | RHSA-2022:1309 | 12.04.2022 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:0824 | 10.03.2022 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:0850 | 14.03.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...
EPSS
9.8 Critical
CVSS3