Lucene search

K
mageiaGentoo FoundationMGASA-2022-0352
HistoryOct 01, 2022 - 8:48 p.m.

Updated expat packages fix security vulnerability

2022-10-0120:48:24
Gentoo Foundation
advisories.mageia.org
26

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.8%

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchexpat< 2.2.10-1.5expat-2.2.10-1.5.mga8

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.8%