CVE-2022-23990
published 2022-01-26
CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.4.3-3 (bookworm) | expat 2.4.3-3 (bookworm) |
| debian | libxmltok | < expat 2.4.3-3 (bookworm) | expat 2.4.3-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| android | — | — | |
| libexpat_project | libexpat | < 2.4.4 | 2.4.4 |
| msrc | cbl2_expat_2.4.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_expat_2.4.4-1_on_cbl_mariner_1.0 | — | — |
| oracle | communications_metasolv_solution | — | — |
| platform | external_expat | >= 10:0 < 10:2022-09-01 | 10:2022-09-01 |
| platform | external_expat | >= 11:0 < 11:2022-09-01 | 11:2022-09-01 |
| platform | external_expat | >= 12:0 < 12:2022-09-01 | 12:2022-09-01 |
| platform | external_expat | >= 12L:0 < 12L:2022-09-01 | 12L:2022-09-01 |
| siemens | sinema_remote_connect_server | < 3.1 | 3.1 |
| tenable | nessus | < 8.15.3 | 8.15.3 |
| tenable | nessus | >= 10.0.0 < 10.1.1 | 10.1.1 |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH