xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchxmlrpc-c< 1.51.06-1.1xmlrpc-c-1.51.06-1.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	xmlrpc-c	< 1.51.06-1.1	xmlrpc-c-1.51.06-1.1.mga8

References

access.redhat.com/errata/RHSA-2022:1643

bugs.mageia.org/show_bug.cgi?id=30351

nessus 67

veracode 1

rocky 3

cbl_mariner 2

prion 1

redhat 21

cve 1

osv 13

ubuntucve 1

oraclelinux 4

amazon 5

almalinux 4

cnvd 1

broadcom 1

githubexploit 1

redhatcve 1

cvelist 1

alpinelinux 1

debiancve 1

openvas 33

nvd 1

fedora 6

photon 6

ibm 12

f5 1

redos 1

suse 2

mageia 2

slackware 1

debian 2

centos 2

nessus

RHEL 8 : xmlrpc-c (RHSA-2022:1540)

2022-04-26 00:00:00

Amazon Linux AMI : xmlrpc-c (ALAS-2022-1585)

2022-05-24 00:00:00

Rocky Linux 8 : xmlrpc-c (RLSA-2022:1643)

2023-11-07 00:00:00

veracode

Cross-Site Scripting (XSS)

2022-02-17 08:28:38

rocky

xmlrpc-c security update

2022-04-28 14:07:17

firefox security update

2022-03-10 14:36:51

thunderbird security update

2022-03-14 09:49:10

cbl_mariner

CVE-2022-25235 affecting package expat 2.4.4-1

2022-03-09 18:31:42

CVE-2022-25235 affecting package expat for versions less than 2.4.8-1

2022-04-26 20:17:03

prion

Design/Logic Flaw

2022-02-16 01:15:00

redhat

(RHSA-2022:1644) Important: xmlrpc-c security update

2022-04-28 14:07:27

(RHSA-2022:1643) Important: xmlrpc-c security update

2022-04-28 14:07:17

(RHSA-2022:1540) Important: xmlrpc-c security update

2022-04-26 09:54:17

cve

CVE-2022-25235

2022-02-16 01:15:07

osv

Important: xmlrpc-c security update

2022-04-28 14:07:17

Important: xmlrpc-c security update

2022-04-28 14:07:17

CVE-2022-25235

2022-02-16 01:15:07

ubuntucve

CVE-2022-25235

2022-02-15 00:00:00

oraclelinux

xmlrpc-c security update

2022-05-02 00:00:00

expat security update

2022-05-06 00:00:00

firefox security update

2022-03-10 00:00:00

amazon

Critical: xmlrpc-c

2022-05-20 22:12:00

Critical: xmlrpc-c

2022-05-20 22:22:00

Critical: expat

2022-03-09 22:13:00

almalinux

Important: xmlrpc-c security update

2022-04-28 14:07:17

Important: mingw-expat security update

2022-11-08 00:00:00

Critical: firefox security update

2022-03-10 14:36:51

cnvd

Expat has an unspecified vulnerability (CNVD-2022-18356)

2022-02-21 00:00:00

broadcom

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation (CVE-2022-25235)

2023-08-01 00:00:00

githubexploit

Exploit for Improper Encoding or Escaping of Output in Libexpat Project Libexpat

2022-05-24 07:00:24

redhatcve

CVE-2022-25235

2022-02-21 05:51:26

cvelist

CVE-2022-25235

2022-02-16 00:40:20

alpinelinux

CVE-2022-25235

2022-02-16 01:15:07

debiancve

CVE-2022-25235

2022-02-16 01:15:07

openvas

Mageia: Security Advisory (MGASA-2022-0183)

2022-05-19 00:00:00

Fedora: Security Advisory for thunderbird (FEDORA-2022-f202d1a045)

2022-03-23 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1707)

2023-05-08 00:00:00

nvd

CVE-2022-25235

2022-02-16 01:15:07

fedora

[SECURITY] Fedora 34 Update: thunderbird-91.7.0-1.fc34

2022-03-18 19:15:01

[SECURITY] Fedora 37 Update: thunderbird-102.7.1-2.fc37

2023-02-03 01:29:38

[SECURITY] Fedora 36 Update: thunderbird-102.7.1-2.fc36

2023-02-03 01:42:19

photon

Critical Photon OS Security Update - PHSA-2022-0444

2022-02-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-0475

2022-02-25 00:00:00

Critical Photon OS Security Update - PHSA-2022-0157

2022-02-21 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped in IBM WebSphere Application Server Patterns due to Expat vulnerabilities

2022-04-29 19:27:25

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

2022-03-15 15:35:35

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25315 )

2022-07-25 14:50:44

K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315

2022-04-30 00:00:00

redos

ROS-20220225-01

2022-02-25 00:00:00

suse

Security update for expat (important)

2022-03-04 00:00:00

Security update for expat (important)

2022-07-06 00:00:00

mageia

Updated expat packages fix security vulnerability

2022-02-22 23:15:16

Updated firefox/nss/rootcerts packages fix security vulnerability

2022-04-29 01:46:19

slackware

[slackware-security] expat

2022-02-20 05:16:42

debian

[SECURITY] [DLA 2935-1] expat security update

2022-03-07 13:35:55

[SECURITY] [DSA 5085-1] expat security update

2022-02-22 20:17:14

centos

firefox security update

2022-03-29 13:53:09

thunderbird security update

2022-03-29 13:54:14

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for MGASA-2022-0183