libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the XML_GetBuffer function of xmlparse.c. as it does not properly check INT_MAX byte length against the XML_CONTEXT_BYTES, allowing an attacker to cause an application crash through the configuration with a nonzero XML_CONTEXT_BYTES.

CPENameOperatorVersion
libexpat.sole1.8.6
expateq2.1
expat:sideq2.2.10-1
expat:sideq2.4.1-2
expat:edgeeq2.4.2-r0
expat:edgeeq2.4.3-r0
expat:edgeeq2.2.9-r1
expat:edgeeq2.3.0-r0
expat:edgeeq2.2.10-r1
expat:edgeeq2.4.1-r0

Name	Operator	Version
libexpat.so	le	1.8.6
expat	eq	2.1
expat:sid	eq	2.2.10-1
expat:sid	eq	2.4.1-2
expat:edge	eq	2.4.2-r0
expat:edge	eq	2.4.3-r0
expat:edge	eq	2.2.9-r1
expat:edge	eq	2.3.0-r0
expat:edge	eq	2.2.10-r1
expat:edge	eq	2.4.1-r0

Rows per page:

1-10 of 7861

References

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40

github.com/libexpat/libexpat/pull/550

lists.debian.org/debian-lts-announce/2022/03/msg00007.html

security.gentoo.org/glsa/202209-24

security.netapp.com/advisory/ntap-20220217-0001/

www.debian.org/security/2022/dsa-5073

www.oracle.com/security-alerts/cpuapr2022.html

www.tenable.com/security/tns-2022-05

nessus 59

openvas 32

amazon 2

osv 8

cbl_mariner 2

githubexploit 1

nvd 1

cvelist 1

debiancve 1

redhat 15

photon 6

cve 1

slackware 1

redhatcve 1

alpinelinux 1

prion 1

ubuntucve 1

suse 1

mageia 1

ibm 27

redos 1

f5 1

debian 3

oraclelinux 2

almalinux 1

rocky 1

centos 1

ubuntu 1

cloudfoundry 1

cloudlinux 1

ics 3

aix 1

gentoo 1

oracle 1

avleonov 1

nessus

RHEL 8 : expat (RHSA-2022:4834)

2022-05-31 00:00:00

Amazon Linux AMI : expat (ALAS-2022-1569)

2022-03-04 00:00:00

Amazon Linux 2 : expat (ALAS-2022-1754)

2022-03-04 00:00:00

openvas

Slackware: Security Advisory (SSA:2022-025-01)

2022-04-21 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0498-1)

2022-02-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0495-1)

2022-02-19 00:00:00

amazon

Medium: expat

2022-03-01 17:39:00

Medium: expat

2022-03-01 18:04:00

osv

CVE-2022-23852

2022-01-24 02:15:06

Vulnerability: external/expat (bufferSize)

2022-09-01 00:00:00

expat - security update

2022-03-07 00:00:00

cbl_mariner

CVE-2022-23852 affecting package expat 2.4.3-1

2022-02-25 01:45:35

CVE-2022-23852 affecting package expat for versions less than 2.4.8-1

2022-04-26 20:17:03

githubexploit

Exploit for Integer Overflow or Wraparound in Libexpat Project Libexpat

2022-05-10 09:22:18

nvd

CVE-2022-23852

2022-01-24 02:15:06

cvelist

CVE-2022-23852

2022-01-24 01:06:50

debiancve

CVE-2022-23852

2022-01-24 02:15:06

redhat

(RHSA-2022:4834) Moderate: expat security update

2022-05-31 10:00:29

(RHSA-2022:6890) Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update

2022-10-11 14:44:32

(RHSA-2022:0951) Important: expat security update

2022-03-16 15:13:06

photon

Critical Photon OS Security Update - PHSA-2022-0149

2022-01-31 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0149

2022-02-05 00:00:00

Critical Photon OS Security Update - PHSA-2022-0466

2022-02-02 00:00:00

cve

CVE-2022-23852

2022-01-24 02:15:06

slackware

[slackware-security] expat

2022-01-25 06:35:43

redhatcve

CVE-2022-23852

2022-01-24 20:21:26

alpinelinux

CVE-2022-23852

2022-01-24 02:15:06

prion

Integer overflow

2022-01-24 02:15:00

ubuntucve

CVE-2022-23852

2022-01-24 00:00:00

suse

Security update for expat (important)

2022-02-18 00:00:00

mageia

Updated expat packages fix security vulnerability

2022-02-03 23:29:44

ibm

Security Bulletin: Due to use of Expat, IBM Tivoli Network Manager is vulnerable to arbiraty code execution (CVE-2022-23990 and CVE-2022-23852)

2022-07-21 04:24:34

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the included Expat 3rd party library (CVE-2022-23852 and CVE-2022-23990)

2022-04-20 14:28:59

Security Bulletin: Vulnerabilities in Expat (AKA libexpat) affect IBM Storage Protect for Virtual Environments: Data Protection for VMware (CVE-2022-23852, CVE-2022-23990)

2023-10-11 14:40:42

redos

ROS-20220330-02

2022-03-30 00:00:00

K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315

2022-04-30 00:00:00

debian

[SECURITY] [DLA 2935-1] expat security update

2022-03-07 13:35:55

[SECURITY] [DSA 5073-1] expat security update

2022-02-12 13:32:08

[SECURITY] [DLA 2904-1] expat security update

2022-01-30 21:42:20

oraclelinux

expat security update

2022-03-28 00:00:00

expat security update

2022-03-16 00:00:00

almalinux

Important: expat security update

2022-03-16 00:00:00

rocky

expat security update

2022-03-16 15:13:06

centos

expat security update

2022-03-29 22:31:03

ubuntu

Expat vulnerabilities

2022-02-21 00:00:00

cloudfoundry

USN-5288-1: Expat vulnerabilities | Cloud Foundry

2022-04-21 00:00:00

cloudlinux

Fixed 13 CVEs in expat

2022-08-17 18:50:48

ics

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

2023-10-05 12:00:00

Siemens SINEMA Remote Connect Server

2022-06-16 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

aix

AIX is affected by multiple vulnerabilities in Python

2022-07-28 13:12:18

gentoo

Expat: Multiple Vulnerabilities

2022-09-29 00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for VERACODE:33883