{"id":"CVE-2022-25315","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25315","https://github.com/libexpat/libexpat/pull/559","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-40674","is_known_exploited_vuln":false,"tickets":[],"description":"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-40674","https://github.com/libexpat/libexpat/pull/629","https://github.com/libexpat/libexpat/pull/640","https://www.debian.org/security/2022/dsa-5236","https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"]} {"id":"CVE-2022-25313","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25313","https://github.com/libexpat/libexpat/pull/558","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-25235","is_known_exploited_vuln":false,"tickets":[],"description":"xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25235","https://github.com/libexpat/libexpat/pull/562","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-25314","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25314","https://github.com/libexpat/libexpat/pull/560","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-25236","is_known_exploited_vuln":false,"tickets":[],"description":"xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25236","https://github.com/libexpat/libexpat/pull/561","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-23852","is_known_exploited_vuln":false,"tickets":[],"description":"Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-23852","https://github.com/libexpat/libexpat/pull/550","https://www.tenable.com/security/tns-2022-05","https://www.debian.org/security/2022/dsa-5073","https://security.netapp.com/advisory/ntap-20220217-0001/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]} {"id":"CVE-2022-23990","is_known_exploited_vuln":false,"tickets":[],"description":"Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-23990","https://github.com/libexpat/libexpat/pull/551","https://www.tenable.com/security/tns-2022-05","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/","https://www.debian.org/security/2022/dsa-5073","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
$ equery d dev-libs/expat * These packages depend on dev-libs/expat: app-arch/libarchive-3.6.1 (expat ? dev-libs/expat[-mgorny(-)]) app-office/libreoffice-bin-7.4.1.2 (dev-libs/expat) dev-lang/python-3.7.14 (xml ? >=dev-libs/expat-2.1) dev-lang/python-3.9.14 (xml ? >=dev-libs/expat-2.1) dev-libs/dbus-glib-0.110 (>=dev-libs/expat-2.1.0-r3[-mgorny(-)]) dev-libs/wayland-1.21.0 (>=dev-libs/expat-2.1.0-r3) dev-perl/XML-Parser-2.440.0 (>=dev-libs/expat-1.95.1-r1) dev-util/cmake-3.19.7 (>=dev-libs/expat-2.0.1) dev-util/wayland-scanner-1.21.0 (>=dev-libs/expat-2.1.0-r3) dev-vcs/git-2.37.3 (webdav ? dev-libs/expat) media-gfx/exiv2-0.27.5-r1 (xmp ? dev-libs/expat[-mgorny(-)]) media-gfx/graphviz-2.44.1 (>=dev-libs/expat-2) media-libs/fontconfig-2.13.0-r4 (>=dev-libs/expat-2.1.0-r3[-mgorny(-)]) media-libs/libwmf-0.2.8.4-r7 (expat ? dev-libs/expat) media-libs/mesa-22.0.1 (>=dev-libs/expat-2.1.0-r3) net-dns/avahi-0.8 (dev-libs/expat) net-im/discord-bin-0.0.20 (dev-libs/expat) net-im/slack-bin-4.28.182 (dev-libs/expat:0[-mgorny(-)]) net-libs/neon-0.30.2 (expat ? dev-libs/expat:0[-mgorny(-)]) sys-apps/dbus-1.12.20 (>=dev-libs/expat-2.1.0) (dev-libs/expat) sys-auth/polkit-0.119-r4 (dev-libs/expat) sys-block/thin-provisioning-tools-0.8.5 (!static ? dev-libs/expat) (static ? dev-libs/expat[static-libs(+)]) sys-devel/gettext-0.20.1 (dev-libs/expat) www-client/google-chrome-105.0.5195.125 (dev-libs/expat)
- duplicates
-
FL-10565 sys-apps/util-linux-2.36.2 - Multiple vulns
- Closed