CVE-2022-23852 : Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Published 2022-01-24 02:15:07

Updated 2022-10-29 02:44:33

Source MITRE

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2022-23852

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Metasolv Solution » Version: 6.3.1
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
Matching versions
Siemens » Sinema Remote Connect Server
Versions before (<) 3.1
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Tenable » Nessus
Versions from including (>=) 10.0.0 and before (<) 10.1.1
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
Matching versions
Tenable » Nessus
Versions before (<) 8.15.3
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
Matching versions
Libexpat Project » Libexpat
Versions before (<) 2.4.4
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

https://www.debian.org/security/2022/dsa-5073

Debian -- Security Information -- DSA-5073-1 expat
Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuapr2022.html

Oracle Critical Patch Update Advisory - April 2022
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

[SECURITY] [DLA 2935-1] expat security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/libexpat/libexpat/pull/550

[CVE-2022-23852] Prevent XML_GetBuffer signed integer overflow by hartwork · Pull Request #550 · libexpat/libexpat · GitHub
Issue Tracking;Patch;Third Party Advisory
https://www.tenable.com/security/tns-2022-05

[R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities - Security Advisory | Tenable®
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202209-24

Expat: Multiple Vulnerabilities (GLSA 202209-24) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20220217-0001/

CVE-2022-23852 Expat Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Third Party Advisory

CVEs referencing this url

Jump to