What is CVE-2022-22823?

CVE-2022-22823 is a vulnerability in the Expat library (libexpat) before version 2.4.3 that allows an integer overflow, leading to process interruption.

What is the severity of CVE-2022-22823?

The severity of CVE-2022-22823 is critical with a CVSS score of 9.8.

Which software is affected by CVE-2022-22823?

The affected software includes Expat (libexpat) versions before 2.4.3, and specific versions of Tenable Nessus, xmlrpc-c, Debian Linux, Siemens SINEMA Remote Connect Server, and various Ubuntu packages (libxmltok, expat, firefox, thunderbird).

What is the remedy for CVE-2022-22823 in Expat (libexpat)?

The remedy for CVE-2022-22823 in Expat (libexpat) is to update to version 2.4.3.

Where can I find more information about CVE-2022-22823?

You can find more information about CVE-2022-22823 at the following references: [GitHub](https://github.com/libexpat/libexpat/pull/539), [Openwall](http://www.openwall.com/lists/oss-security/2022/01/17/3), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044465).

Vulnerability/
CVE-2022-22823

critical

9.8

CWE

190

8/1/2022

3/8/2024

CVE-2022-22823: Integer Overflow

First published: Sat Jan 08 2022(Updated: )

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/expat	<0:2.1.0-14.el7_9	0:2.1.0-14.el7_9
redhat/expat	<0:2.2.5-4.el8_5.3	0:2.2.5-4.el8_5.3
redhat/xmlrpc-c	<0:1.51.0-8.el8	0:1.51.0-8.el8
Libexpat Project Libexpat	<2.4.3
Tenable Nessus	<8.15.3
Tenable Nessus	>=10.0.0<10.1.1
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
Siemens SINEMA Remote Connect Server	<3.1
redhat/expat	<2.4.3	2.4.3
debian/expat		2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-22823?
CVE-2022-22823 is a vulnerability in the Expat library (libexpat) before version 2.4.3 that allows an integer overflow, leading to process interruption.
What is the severity of CVE-2022-22823?
The severity of CVE-2022-22823 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2022-22823?
The affected software includes Expat (libexpat) versions before 2.4.3, and specific versions of Tenable Nessus, xmlrpc-c, Debian Linux, Siemens SINEMA Remote Connect Server, and various Ubuntu packages (libxmltok, expat, firefox, thunderbird).
What is the remedy for CVE-2022-22823 in Expat (libexpat)?
The remedy for CVE-2022-22823 in Expat (libexpat) is to update to version 2.4.3.
Where can I find more information about CVE-2022-22823?
You can find more information about CVE-2022-22823 at the following references: [GitHub](https://github.com/libexpat/libexpat/pull/539), [Openwall](http://www.openwall.com/lists/oss-security/2022/01/17/3), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044465).

collector/redhat-cve
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-22823
agent/remedy
agent/severity
agent/description
agent/weakness
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/first-publish-date
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/libexpat project
canonical/libexpat project libexpat
vendor/tenable
canonical/tenable nessus
version/tenable nessus/10.0.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
vendor/siemens
canonical/siemens sinema remote connect server
package-manager/debian