Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-23852HistoryJan 24, 2022 - 2:15 a.m.
CVE-2022-23852
2022-01-2402:15:06
Alpine Linux Development Team
security.alpinelinux.org
29
expat
libexpat
integer overflow
xml_getbuffer
xml context bytes
security vulnerability
unix
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.015
Percentile
87.0%
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | qt5-qtwebengine | < 5.15.3_git20220121-r4 | UNKNOWN |
| Alpine | edge-main | noarch | expat | < 2.4.4-r0 | UNKNOWN |
| Alpine | 3.12-main | noarch | expat | < 2.2.10-r1 | UNKNOWN |
| Alpine | 3.13-main | noarch | expat | < 2.2.10-r3 | UNKNOWN |
| Alpine | 3.14-main | noarch | expat | < 2.4.4-r0 | UNKNOWN |
| Alpine | 3.15-community | noarch | qt5-qtwebengine | < 5.15.3_git20211127-r4 | UNKNOWN |
| Alpine | 3.15-main | noarch | expat | < 2.4.4-r0 | UNKNOWN |
| Alpine | 3.16-community | noarch | qt5-qtwebengine | < 5.15.3_git20220121-r4 | UNKNOWN |
| Alpine | 3.16-main | noarch | expat | < 2.4.4-r0 | UNKNOWN |
| Alpine | 3.17-community | noarch | qt5-qtwebengine | < 5.15.3_git20220121-r4 | UNKNOWN |
Related
amazon
amazon
Medium: expat
2022-03-01 17:39:00
Medium: expat
2022-03-01 18:04:00
osv
osv
CVE-2022-23852
2022-01-24 02:15:06
Vulnerability: external/expat (bufferSize)
2022-09-01 00:00:00
expat-2.4.4-1.1 on GA media
2024-06-15 00:00:00
nessus
nessus
RHEL 8 : expat (RHSA-2022:4834)
2022-05-31 00:00:00
Amazon Linux AMI : expat (ALAS-2022-1569)
2022-03-04 00:00:00
Photon OS 4.0: Expat PHSA-2022-4.0-0149
2024-07-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2022-025-01)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0498-1)
2022-02-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0495-1)
2022-02-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-23852 affecting package expat for versions less than 2.4.8-1
2022-04-26 20:17:03
CVE-2022-23852 affecting package expat 2.4.3-1
2022-02-25 01:45:35
redhat
redhat
(RHSA-2022:4834) Moderate: expat security update
2022-05-31 10:00:29
(RHSA-2022:6890) Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update
2022-10-11 14:44:32
(RHSA-2022:0951) Important: expat security update
2022-03-16 15:13:06
debiancve
debiancve
CVE-2022-23852
2022-01-24 02:15:06
githubexploit
githubexploit
Exploit for Integer Overflow or Wraparound in Libexpat Project Libexpat
2022-05-10 09:22:18
nvd
nvd
CVE-2022-23852
2022-01-24 02:15:06
cvelist
cvelist
CVE-2022-23852
2022-01-24 01:06:50
redhatcve
redhatcve
CVE-2022-23852
2022-01-24 20:21:26
ubuntucve
ubuntucve
CVE-2022-23852
2022-01-24 00:00:00
prion
prion
Integer overflow
2022-01-24 02:15:00
slackware
slackware
[slackware-security] expat
2022-01-25 06:35:43
photon
photon
Critical Photon OS Security Update - PHSA-2022-0149
2022-01-31 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0149
2022-02-05 00:00:00
Critical Photon OS Security Update - PHSA-2022-0466
2022-02-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-01-25 03:40:51
cve
cve
CVE-2022-23852
2022-01-24 02:15:06
mageia
mageia
Updated expat packages fix security vulnerability
2022-02-03 23:29:44
suse
suse
Security update for expat (important)
2022-02-18 00:00:00
ibm
ibm
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)
2022-04-20 14:28:59
redos
redos
ROS-20220330-02
2022-03-30 00:00:00
f5
f5
debian
debian
[SECURITY] [DLA 2935-1] expat security update
2022-03-07 13:35:55
[SECURITY] [DLA 2904-1] expat security update
2022-01-30 21:42:20
[SECURITY] [DSA 5073-1] expat security update
2022-02-12 13:32:08
ubuntu
ubuntu
Expat vulnerabilities
2022-02-21 00:00:00
almalinux
almalinux
Important: expat security update
2022-03-16 00:00:00
oraclelinux
oraclelinux
expat security update
2022-03-28 00:00:00
expat security update
2022-03-16 00:00:00
rocky
rocky
expat security update
2022-03-16 15:13:06
centos
centos
expat security update
2022-03-29 22:31:03
cloudfoundry
cloudfoundry
USN-5288-1: Expat vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
cloudlinux
cloudlinux
Fixed 13 CVEs in expat
2022-08-17 18:50:48
ics
ics
Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products
2023-10-05 12:00:00
Siemens SINEMA Remote Connect Server
2022-06-16 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
aix
aix
AIX is affected by multiple vulnerabilities in Python
2022-07-28 13:12:18
gentoo
gentoo
Expat: Multiple Vulnerabilities
2022-09-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
avleonov
avleonov
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
10
Confidence
High
EPSS
0.015
Percentile
87.0%
Related for ALPINE:CVE-2022-23852