CVE-2022-22822
published 2022-01-10
CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.4.3-1 (bookworm) | expat 2.4.3-1 (bookworm) |
| debian | libxmltok | < expat 2.4.3-1 (bookworm) | expat 2.4.3-1 (bookworm) |
| android | — | — | |
| libexpat_project | libexpat | < 2.4.3 | 2.4.3 |
| msrc | cbl2_expat_2.4.3-1_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| platform | external_expat | >= 10:0 < 10:2022-09-01 | 10:2022-09-01 |
| platform | external_expat | >= 11:0 < 11:2022-09-01 | 11:2022-09-01 |
| platform | external_expat | >= 12:0 < 12:2022-09-01 | 12:2022-09-01 |
| platform | external_expat | >= 12L:0 < 12L:2022-09-01 | 12L:2022-09-01 |
| siemens | sinema_remote_connect_server | < 3.1 | 3.1 |
| tenable | nessus | < 8.15.3 | 8.15.3 |
| tenable | nessus | >= 10.0.0 < 10.1.1 | 10.1.1 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL