CVE-2022-22824
Published: 2022-01-10
CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.4.3-1 (bookworm) | expat 2.4.3-1 (bookworm) |
| debian | libxmltok | < expat 2.4.3-1 (bookworm) | expat 2.4.3-1 (bookworm) |
| libexpat_project | libexpat | < 2.4.3 | 2.4.3 |
| msrc | cbl2_expat_2.4.3-1_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| siemens | sinema_remote_connect_server | < 3.1 | 3.1 |
| tenable | nessus | < 8.15.3 | 8.15.3 |
| tenable | nessus | >= 10.0.0 < 10.1.1 | 10.1.1 |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL