| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-43680 | 416 | | | 2022-10-24 | 2022-12-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. |
| 2 | CVE-2022-40674 | 416 | | | 2022-09-14 | 2023-02-01 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
| 3 | CVE-2022-25315 | 190 | | Overflow | 2022-02-18 | 2022-10-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
| 4 | CVE-2022-25314 | 190 | | Overflow | 2022-02-18 | 2022-10-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
| 5 | CVE-2022-25313 | 400 | | | 2022-02-18 | 2022-10-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
| 6 | CVE-2022-25236 | 668 | | | 2022-02-16 | 2022-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
| 7 | CVE-2022-25235 | 116 | | | 2022-02-16 | 2022-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
| 8 | CVE-2022-23990 | 190 | | Overflow | 2022-01-26 | 2022-10-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
| 9 | CVE-2022-23852 | 190 | | Overflow | 2022-01-24 | 2022-10-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
| 10 | CVE-2022-22827 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 11 | CVE-2022-22826 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 12 | CVE-2022-22825 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 13 | CVE-2022-22824 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 14 | CVE-2022-22823 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 15 | CVE-2022-22822 | 190 | | Overflow | 2022-01-10 | 2022-10-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| 16 | CVE-2021-46143 | 190 | | Overflow | 2022-01-06 | 2022-10-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
| 17 | CVE-2021-45960 | 682 | | | 2022-01-01 | 2022-10-06 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
| 18 | CVE-2019-15903 | 125 | | | 2019-09-04 | 2022-07-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. |
| 19 | CVE-2018-20843 | 611 | | | 2019-06-24 | 2022-04-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
| 20 | CVE-2017-9233 | 611 | | | 2017-07-25 | 2022-07-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
| 21 | CVE-2016-5300 | 399 | | DoS | 2016-06-16 | 2021-07-31 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. |
| 22 | CVE-2016-4472 | 119 | | DoS Exec Code Overflow | 2016-06-30 | 2023-02-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. |
| 23 | CVE-2016-0718 | 119 | | DoS Exec Code Overflow | 2016-05-26 | 2023-02-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
| 24 | CVE-2015-1283 | 190 | | DoS Overflow | 2015-07-23 | 2022-07-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. |
| 25 | CVE-2013-0340 | 611 | | DoS | 2014-01-21 | 2023-02-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. |
| 26 | CVE-2012-6702 | 310 | | | 2016-06-16 | 2021-01-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. |
| 27 | CVE-2012-1148 | 399 | | DoS | 2012-07-03 | 2021-01-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. |
| 28 | CVE-2012-1147 | 20 | | DoS | 2012-07-03 | 2021-01-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. |
| 29 | CVE-2012-0876 | 400 | | DoS | 2012-07-03 | 2022-08-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. |