libexpat.so is vulnerable to Integer Overflow. The vulnerability exists because the defineAttribute function of xmlparse.c doesn’t check the input length which allows an attacker to leverage an overflow causing an application crash.

CPENameOperatorVersion
libexpat.sole1.8.2
expateq2.1
expat:sideq2.2.10-1
expat:sideq2.4.1-2
expat:edgeeq2.4.2-r0
expat:edgeeq2.2.9-r1
expat:edgeeq2.4.1-r0
expat:edgeeq2.2.10-r1
expat:edgeeq2.3.0-r0
expat:3.13eq2.2.10-r1

Name	Operator	Version
libexpat.so	le	1.8.2
expat	eq	2.1
expat:sid	eq	2.2.10-1
expat:sid	eq	2.4.1-2
expat:edge	eq	2.4.2-r0
expat:edge	eq	2.2.9-r1
expat:edge	eq	2.4.1-r0
expat:edge	eq	2.2.10-r1
expat:edge	eq	2.3.0-r0
expat:3.13	eq	2.2.10-r1

Rows per page:

1-10 of 14121

References

www.openwall.com/lists/oss-security/2022/01/17/3

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

github.com/advisories/GHSA-5pj8-9wmw-j96m

github.com/libexpat/libexpat/commit/b4b28ce597034c118540d1e21efe322458a01d69

github.com/libexpat/libexpat/pull/539

security.gentoo.org/glsa/202209-24

www.debian.org/security/2022/dsa-5073

www.tenable.com/security/tns-2022-05

alpinelinux 1

cvelist 1

nvd 1

debiancve 1

cnvd 1

redhatcve 1

osv 9

prion 1

cbl_mariner 2

cve 1

nessus 59

f5 1

ubuntucve 1

ibm 25

photon 6

amazon 2

rocky 2

redhat 12

oraclelinux 3

almalinux 2

openvas 27

mageia 1

slackware 1

suse 1

hp 1

altlinux 1

debian 2

cloudfoundry 1

centos 1

ubuntu 2

cloudlinux 1

ics 3

aix 1

gentoo 1

avleonov 1

alpinelinux

CVE-2022-22824

2022-01-10 14:12:56

cvelist

CVE-2022-22824

2022-01-08 02:56:58

nvd

CVE-2022-22824

2022-01-10 14:12:56

debiancve

CVE-2022-22824

2022-01-10 14:12:56

cnvd

Expat defineAttribute function buffer overflow vulnerability

2022-01-14 00:00:00

redhatcve

CVE-2022-22824

2022-01-24 17:32:45

osv

CVE-2022-22824

2022-01-10 14:12:56

Moderate: xmlrpc-c security update

2022-11-08 00:00:00

Moderate: xmlrpc-c security update

2022-11-08 06:26:32

prion

Integer overflow

2022-01-10 14:12:00

cbl_mariner

CVE-2022-22824 affecting package expat for versions less than 2.4.3-1

2022-04-09 06:51:43

CVE-2022-22824 affecting package expat 2.4.1-2

2022-01-26 22:53:38

cve

CVE-2022-22824

2022-01-10 14:12:56

nessus

F5 Networks BIG-IP : Expat vulnerabilities (K23421535)

2022-05-01 00:00:00

Oracle Linux 8 : xmlrpc-c (ELSA-2022-7692)

2022-11-15 00:00:00

CentOS 8 : xmlrpc-c (CESA-2022:7692)

2022-11-08 00:00:00

K23421535 : Expat vulnerabilities CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824

2022-05-01 00:00:00

ubuntucve

CVE-2022-22824

2022-01-10 00:00:00

ibm

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )

2022-07-25 14:51:53

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

2022-03-02 18:47:38

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server

2022-03-04 19:18:28

photon

Critical Photon OS Security Update - PHSA-2022-0353

2022-01-19 00:00:00

Critical Photon OS Security Update - PHSA-2022-3.0-0353

2022-01-19 00:00:00

Critical Photon OS Security Update - PHSA-2022-0462

2022-01-22 00:00:00

amazon

Medium: expat

2022-06-30 23:38:00

Medium: expat

2022-07-06 03:09:00

rocky

xmlrpc-c security update

2022-11-08 06:26:32

expat security update

2022-03-16 15:13:06

redhat

(RHSA-2022:7692) Moderate: xmlrpc-c security update

2022-11-08 06:26:32

(RHSA-2022:0951) Important: expat security update

2022-03-16 15:13:06

(RHSA-2022:1069) Important: expat security update

2022-03-28 08:42:24

oraclelinux

xmlrpc-c security update

2022-11-15 00:00:00

expat security update

2022-03-16 00:00:00

expat security update

2022-03-28 00:00:00

almalinux

Moderate: xmlrpc-c security update

2022-11-08 00:00:00

Important: expat security update

2022-03-16 00:00:00

openvas

Mageia: Security Advisory (MGASA-2022-0031)

2022-01-28 00:00:00

openSUSE: Security Advisory for expat (openSUSE-SU-2022:0178-1)

2022-02-08 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:14878-1)

2022-01-26 00:00:00

mageia

Updated expat packages fix security vulnerability

2022-01-25 15:13:11

slackware

[slackware-security] expat

2022-01-16 21:48:11

suse

Security update for expat (important)

2022-01-25 00:00:00

Expat Library update for Teradici PCoIP Software and Firmware

2022-04-11 00:00:00

altlinux

Security fix for the ALT Linux 9 package expat version 2.4.3-alt1

2022-01-31 00:00:00

debian

[SECURITY] [DSA 5073-1] expat security update

2022-02-12 13:32:08

[SECURITY] [DLA 2904-1] expat security update

2022-01-30 21:42:20

cloudfoundry

USN-5288-1: Expat vulnerabilities | Cloud Foundry

2022-04-21 00:00:00

centos

expat security update

2022-03-29 22:31:03

ubuntu

Expat vulnerabilities

2022-02-21 00:00:00

xmltok library vulnerabilities

2022-07-19 00:00:00

cloudlinux

Fixed 13 CVEs in expat

2022-08-17 18:50:48

ics

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

2023-10-05 12:00:00

Siemens SINEMA Remote Connect Server

2022-06-16 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

aix

AIX is affected by multiple vulnerabilities in Python

2022-07-28 13:12:18

gentoo

Expat: Multiple Vulnerabilities

2022-09-29 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for VERACODE:33582