CVE-2022-25314
published 2022-02-18CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.4.5-1 (bookworm) | expat 2.4.5-1 (bookworm) |
| debian | libxmltok | < expat 2.4.5-1 (bookworm) | expat 2.4.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| android | — | — | |
| libexpat_project | libexpat | < 2.4.5 | 2.4.5 |
| msrc | cbl2_expat_2.4.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_expat_2.4.6-1_on_cbl_mariner_1.0 | — | — |
| oracle | http_server | — | — |
| oracle | http_server | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| paloalto | pan-os | — | — |
| platform | external_expat | >= 10:0 < 10:2022-09-01 | 10:2022-09-01 |
| platform | external_expat | >= 11:0 < 11:2022-09-01 | 11:2022-09-01 |
| platform | external_expat | >= 12:0 < 12:2022-09-01 | 12:2022-09-01 |
| platform | external_expat | >= 12L:0 < 12L:2022-09-01 | 12L:2022-09-01 |
| siemens | sinema_remote_connect_server | < 3.1 | 3.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv9.8CRITICAL