Описание
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.
Отчет
This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.
Меры по смягчению последствий
There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | thunderbird:flatpak/thunderbird | Affected | ||
| Red Hat Enterprise Linux 8 | xmlrpc-c | Not affected | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected | ||
| Red Hat Enterprise Linux 9 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 9 | xmlrpc-c | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | expat | Fixed | RHSA-2022:1309 | 12.04.2022 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:0824 | 10.03.2022 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:0850 | 14.03.2022 |
| Red Hat Enterprise Linux 7 | expat | Fixed | RHSA-2022:1069 | 28.03.2022 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2022:0818 | 10.03.2022 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8 Critical
CVSS3