Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.

References

ubuntu.com/security/CVE-2022-40674

ubuntu.com/security/CVE-2022-43680

ubuntu.com/security/notices/USN-5638-4

ubuntu 2

nessus 72

openvas 32

cloudfoundry 2

osv 17

ics 1

ibm 8

fedora 4

redhat 17

slackware 1

wolfi 1

rocky 4

debian 2

f5 2

almalinux 4

suse 1

githubexploit 3

cvelist 2

gentoo 1

nvd 2

cbl_mariner 3

mageia 4

amazon 1

redhatcve 1

photon 1

oraclelinux 6

cve 1

rosalinux 1

veracode 1

prion 1

freebsd 1

ubuntu

Expat vulnerabilities

2023-02-28 00:00:00

Expat vulnerabilities

2022-11-17 00:00:00

nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Expat vulnerabilities (USN-5638-2)

2022-11-18 00:00:00

RHEL 8 : expat (Unpatched Vulnerability)

2024-05-11 00:00:00

EulerOS Virtualization 3.0.6.0 : expat (EulerOS-SA-2023-2219)

2023-06-13 00:00:00

openvas

Ubuntu: Security Advisory (USN-5638-2)

2022-11-18 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-2219)

2023-06-12 00:00:00

Ubuntu: Security Advisory (USN-5638-4)

2023-03-02 00:00:00

cloudfoundry

USN-5638-2: Expat vulnerabilities | Cloud Foundry

2022-12-07 00:00:00

USN-5638-3: Expat vulnerability | Cloud Foundry

2022-12-07 00:00:00

osv

expat vulnerabilities

2022-11-17 09:56:58

Moderate: expat security update

2023-01-12 00:00:00

expat - security update

2022-10-30 00:00:00

ics

Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x Products

2023-05-23 12:00:00

ibm

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]

2023-01-31 14:01:21

Security Bulletin: Multiple vulnerabilities in the Expat library affect IBM® Db2® Net Search Extender may lead to denial of service or arbitrary code execution.

2023-02-08 16:06:16

Security Bulletin: AIX is affected by a denial of service (CVE-2022-43680) due to Python

2022-12-22 17:08:47

fedora

[SECURITY] Fedora 35 Update: mingw-expat-2.5.0-1.fc35

2022-11-13 01:20:59

[SECURITY] Fedora 37 Update: mingw-expat-2.5.0-1.fc37

2022-11-14 01:14:14

[SECURITY] Fedora 36 Update: mingw-expat-2.5.0-1.fc36

2022-11-13 01:19:40

redhat

(RHSA-2023:0103) Moderate: expat security update

2023-01-12 08:25:33

(RHSA-2022:6967) Important: compat-expat1 security update

2022-10-17 08:01:11

(RHSA-2022:7021) Important: thunderbird security update

2022-10-18 17:40:32

slackware

[slackware-security] expat

2022-10-25 18:53:10

wolfi

CVE-2022-43680 vulnerabilities

2024-02-07 01:47:52

rocky

expat security update

2023-01-12 08:25:33

expat security update

2023-01-23 14:30:30

firefox security update

2022-10-18 17:41:04

debian

[SECURITY] [DSA 5266-1] expat security update

2022-10-30 14:03:23

[SECURITY] [DLA 3165-1] expat security update

2022-10-28 01:43:45

K000139525: Libexpat vulnerability CVE-2022-43680

2024-05-25 00:00:00

K44454157 : Expat vulnerability CVE-2022-40674

2022-10-31 00:00:00

almalinux

Moderate: expat security update

2023-01-23 00:00:00

Important: expat security update

2022-10-06 00:00:00

Important: firefox security update

2022-10-18 00:00:00

suse

Security update for expat (important)

2022-11-07 00:00:00

githubexploit

Exploit for Use After Free in Libexpat Project Libexpat

2022-12-19 05:09:12

Exploit for Use After Free in Libexpat Project Libexpat

2022-12-02 08:26:04

Exploit for Use After Free in Libexpat Project Libexpat

2023-04-04 06:31:47

cvelist

CVE-2022-43680

2022-10-24 00:00:00

CVE-2022-40674

2022-09-14 00:00:00

gentoo

Expat: Denial of Service

2022-10-31 00:00:00

nvd

CVE-2022-43680

2022-10-24 14:15:53

CVE-2022-40674

2022-09-14 11:15:54

cbl_mariner

CVE-2022-43680 affecting package expat 2.4.9-1

2022-11-03 00:44:53

CVE-2022-40674 affecting package expat for versions less than 2.4.8-2

2022-09-23 18:23:13

CVE-2022-40674 affecting package expat 2.4.6-1

2022-10-04 07:51:28

mageia

Updated expat packages fix security vulnerability

2022-11-05 00:16:03

Updated expat packages fix security vulnerability

2022-10-01 20:48:24

Updated firefox packages fix security vulnerability

2022-10-28 09:54:08

amazon

Important: expat

2022-10-31 19:40:00

redhatcve

CVE-2022-40674

2022-09-29 05:18:54

photon

Critical Photon OS Security Update - PHSA-2022-0249

2022-09-21 00:00:00

oraclelinux

expat security update

2022-10-29 00:00:00

firefox security update

2022-10-19 00:00:00

thunderbird security update

2022-10-20 00:00:00

cve

CVE-2022-40674

2022-09-14 11:15:54

rosalinux

Advisory ROSA-SA-2023-2168

2023-06-20 09:22:31

veracode

Use-After-Free

2022-09-15 08:37:15

prion

Design/Logic Flaw

2022-09-14 11:15:00

freebsd

expat -- Heap use-after-free vulnerability

2022-09-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for OSV:USN-5638-4