First published: Sat Jan 08 2022(Updated: )
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
redhat/xmlrpc-c | <0:1.51.0-8.el8 | 0:1.51.0-8.el8 |
Libexpat Project Libexpat | <2.4.3 | |
Tenable Nessus | <8.15.3 | |
Tenable Nessus | >=10.0.0<10.1.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
redhat/expat | <2.4.3 | 2.4.3 |
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1 2.5.0-1+deb12u1 2.6.3-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-22824 is a vulnerability in Expat (libexpat) before 2.4.3, where the defineAttribute function in xmlparse.c is susceptible to an integer overflow.
CVE-2022-22824 poses a high threat to availability and confidentiality due to the potential for process interruption and unexpected termination.
CVE-2022-22824 affects Expat (libexpat) versions before 2.4.3.
CVE-2022-22824 has a severity level of critical with a score of 9.8.
Yes, you can find references regarding CVE-2022-22824 at the following links: [link1], [link2], [link3].