CVE-2022-25315
published 2022-02-18CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.4.5-1 (bookworm) | expat 2.4.5-1 (bookworm) |
| debian | libxmltok | < expat 2.4.5-1 (bookworm) | expat 2.4.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libexpat_project | libexpat | < 2.4.5 | 2.4.5 |
| msrc | cbl2_expat_2.4.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_expat_2.4.6-1_on_cbl_mariner_1.0 | — | — |
| oracle | http_server | — | — |
| oracle | http_server | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| paloalto | pan-os | — | — |
| siemens | sinema_remote_connect_server | < 3.1 | 3.1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL