CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
97.8%
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is
integrated in xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled namespace URIs of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25236)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | libxmltok1 | < 1.2-4ubuntu0.22.04.1~esm1 | UNKNOWN |
Ubuntu | 22.04 | noarch | libxmltok1 | < 1.2-4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libxmltok1-dbgsym | < 1.2-4 | UNKNOWN |
Ubuntu | 22.04 | noarch | libxmltok1-dev | < 1.2-4 | UNKNOWN |
Ubuntu | 20.04 | noarch | libxmltok1 | < 1.2-4ubuntu0.20.04.1~esm1 | UNKNOWN |
Ubuntu | 20.04 | noarch | libxmltok1 | < 1.2-4 | UNKNOWN |
Ubuntu | 20.04 | noarch | libxmltok1-dbgsym | < 1.2-4 | UNKNOWN |
Ubuntu | 20.04 | noarch | libxmltok1-dev | < 1.2-4 | UNKNOWN |
Ubuntu | 18.04 | noarch | libxmltok1 | < 1.2-4ubuntu0.18.04.1~esm1 | UNKNOWN |
Ubuntu | 18.04 | noarch | libxmltok1 | < 1.2-4 | UNKNOWN |
ubuntu.com/security/CVE-2012-1148
ubuntu.com/security/CVE-2015-1283
ubuntu.com/security/CVE-2016-0718
ubuntu.com/security/CVE-2016-4472
ubuntu.com/security/CVE-2018-20843
ubuntu.com/security/CVE-2019-15903
ubuntu.com/security/CVE-2021-46143
ubuntu.com/security/CVE-2022-22822
ubuntu.com/security/CVE-2022-22823
ubuntu.com/security/CVE-2022-22824
ubuntu.com/security/CVE-2022-22825
ubuntu.com/security/CVE-2022-22826
ubuntu.com/security/CVE-2022-22827
ubuntu.com/security/CVE-2022-25235
ubuntu.com/security/CVE-2022-25236
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
97.8%