Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-25313HistoryFeb 18, 2022 - 5:15 a.m.
CVE-2022-25313
2022-02-1805:15:08
Debian Security Bug Tracker
security-tracker.debian.org
31
expat
stack exhaustion
dtd
element
unix
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.009
Percentile
83.3%
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | expat | < 2.4.5-1 | expat_2.4.5-1_all.deb |
| Debian | 11 | all | expat | < 2.2.10-2+deb11u2 | expat_2.2.10-2+deb11u2_all.deb |
| Debian | 999 | all | expat | < 2.4.5-1 | expat_2.4.5-1_all.deb |
| Debian | 13 | all | expat | < 2.4.5-1 | expat_2.4.5-1_all.deb |
Related
cve
cve
CVE-2022-25313
2022-02-18 05:15:08
cnvd
cnvd
Expat has an unspecified vulnerability (CNVD-2022-18354)
2022-02-22 00:00:00
osv
osv
CVE-2022-25313
2022-02-18 05:15:08
Moderate: expat security update
2022-07-01 00:00:00
Moderate: expat security update
2022-06-30 00:00:00
alpinelinux
alpinelinux
CVE-2022-25313
2022-02-18 05:15:08
cbl_mariner
cbl_mariner
CVE-2022-25313 affecting package expat 2.4.4-1
2022-03-09 18:31:42
CVE-2022-25313 affecting package expat for versions less than 2.4.8-1
2022-04-26 20:17:03
cvelist
cvelist
CVE-2022-25313
2022-02-18 04:23:04
githubexploit
githubexploit
Exploit for Uncontrolled Recursion in Libexpat Project Libexpat
2022-05-11 07:40:30
Exploit for Uncontrolled Recursion in Libexpat Project Libexpat
2023-04-12 04:51:25
prion
prion
Stack overflow
2022-02-18 05:15:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0369
2022-03-04 00:00:00
Moderate Photon OS Security Update - PHSA-2022-3.0-0369
2022-03-10 00:00:00
Important Photon OS Security Update - PHSA-2022-0477
2022-03-04 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-25313
2022-11-04 17:54:35
ubuntucve
ubuntucve
CVE-2022-25313
2022-02-18 00:00:00
redhatcve
redhatcve
CVE-2022-25313
2022-02-21 04:45:32
veracode
veracode
Denial Of Service (DoS)
2022-02-20 22:20:00
nessus
nessus
Photon OS 4.0: Expat PHSA-2022-4.0-0160
2024-07-23 00:00:00
AlmaLinux 9 : expat (ALSA-2022:5244)
2022-11-16 00:00:00
NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2022-0104)
2022-12-19 00:00:00
broadcom
broadcom
nvd
nvd
CVE-2022-25313
2022-02-18 05:15:08
redhat
redhat
(RHSA-2022:5314) Moderate: expat security update
2022-06-28 10:52:05
(RHSA-2022:5244) Moderate: expat security update
2022-06-28 08:27:13
(RHSA-2022:7811) Important: mingw-expat security update
2022-11-08 06:30:08
openvas
openvas
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-2143)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-2266)
2024-08-22 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-2422)
2023-07-25 00:00:00
almalinux
almalinux
Moderate: expat security update
2022-07-01 00:00:00
Moderate: expat security update
2022-06-30 00:00:00
Important: mingw-expat security update
2022-11-08 00:00:00
amazon
amazon
Medium: expat
2023-09-27 22:49:00
oraclelinux
oraclelinux
expat security update
2022-06-30 00:00:00
expat security update
2022-06-30 00:00:00
rocky
rocky
expat security update
2022-06-28 10:52:05
ubuntu
ubuntu
Expat vulnerabilities and regression
2022-03-10 00:00:00
cloudfoundry
cloudfoundry
USN-5320-1: Expat vulnerabilities and regression | Cloud Foundry
2022-04-21 00:00:00
debian
debian
[SECURITY] [DSA 5085-1] expat security update
2022-02-22 20:17:14
[SECURITY] [DLA 2935-1] expat security update
2022-03-07 13:35:55
fedora
fedora
[SECURITY] Fedora 35 Update: mingw-expat-2.4.6-1.fc35
2022-03-01 18:20:49
[SECURITY] Fedora 34 Update: mingw-expat-2.4.6-1.fc34
2022-03-01 18:37:17
suse
suse
Security update for expat (important)
2022-03-04 00:00:00
Security update for expat (important)
2022-07-06 00:00:00
redos
redos
ROS-20220225-01
2022-02-25 00:00:00
slackware
slackware
[slackware-security] expat
2022-02-20 05:16:42
mageia
mageia
Updated expat packages fix security vulnerability
2022-02-22 23:15:16
aix
aix
AIX is affected by multiple vulnerabilities in Python
2022-07-28 13:12:18
gentoo
gentoo
Expat: Multiple Vulnerabilities
2022-09-29 00:00:00
ics
ics
Siemens SINEMA Remote Connect Server
2022-06-16 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
avleonov
avleonov
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.009
Percentile
83.3%
Related for DEBIANCVE:CVE-2022-25313