CVE-2022-43680
Published 2022-10-24
High, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.5.0-1 (bookworm) | expat 2.5.0-1 (bookworm) |
| debian | libxmltok | < expat 2.5.0-1 (bookworm) | expat 2.5.0-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| android | — | — | — |
| libexpat_project | libexpat | <= 2.4.9 | — |
| msrc | azl3_cmake_3.30.3-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_expat_2.5.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_expat_2.5.0-1_on_cbl_mariner_1.0 | — | — |
| platform | external_expat | >= 10:0 < 10:2023-02-01 | 10:2023-02-01 |
| platform | external_expat | >= 11:0 < 11:2023-02-01 | 11:2023-02-01 |
| platform | external_expat | >= 12:0 < 12:2023-02-01 | 12:2023-02-01 |
| platform | external_expat | >= 12L:0 < 12L:2023-02-01 | 12L:2023-02-01 |
| platform | external_expat | >= 13:0 < 13:2023-02-01 | 13:2023-02-01 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv: 7.5 HIGH