What is CVE-2022-22825?

CVE-2022-22825 is a vulnerability in Expat (libexpat) before version 2.4.3, causing an integer overflow in the xmlparse.c file.

What is the severity of CVE-2022-22825?

CVE-2022-22825 has a severity score of 8.8, which is considered high.

How does CVE-2022-22825 affect availability?

CVE-2022-22825 can lead to process interruption, affecting availability.

What is the remedy for CVE-2022-22825?

The recommended remedy for CVE-2022-22825 is to upgrade Expat (libexpat) to version 2.4.3.

Are there any references for CVE-2022-22825?

Yes, you can find references for CVE-2022-22825 at the following links: [GitHub Pull Request](https://github.com/libexpat/libexpat/pull/539), [Openwall Mailing List](http://www.openwall.com/lists/oss-security/2022/01/17/3), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044482).

Vulnerability/
CVE-2022-22825

high

8.8

CWE

190

8/1/2022

3/8/2024

CVE-2022-22825: Integer Overflow

First published: Sat Jan 08 2022(Updated: )

expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/expat	<0:2.1.0-14.el7_9	0:2.1.0-14.el7_9
redhat/expat	<0:2.2.5-4.el8_5.3	0:2.2.5-4.el8_5.3
redhat/xmlrpc-c	<0:1.51.0-8.el8	0:1.51.0-8.el8
Libexpat Project Libexpat	<2.4.3
Tenable Nessus	<8.15.3
Tenable Nessus	>=10.0.0<10.1.1
Debian Debian Linux	=10.0
Debian Debian Linux	=11.0
Siemens SINEMA Remote Connect Server	<3.1
redhat/expat	<2.4.3	2.4.3
debian/expat		2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-22825?
CVE-2022-22825 is a vulnerability in Expat (libexpat) before version 2.4.3, causing an integer overflow in the xmlparse.c file.
What is the severity of CVE-2022-22825?
CVE-2022-22825 has a severity score of 8.8, which is considered high.
How does CVE-2022-22825 affect availability?
CVE-2022-22825 can lead to process interruption, affecting availability.
What is the remedy for CVE-2022-22825?
The recommended remedy for CVE-2022-22825 is to upgrade Expat (libexpat) to version 2.4.3.
Are there any references for CVE-2022-22825?
Yes, you can find references for CVE-2022-22825 at the following links: [GitHub Pull Request](https://github.com/libexpat/libexpat/pull/539), [Openwall Mailing List](http://www.openwall.com/lists/oss-security/2022/01/17/3), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044482).

collector/redhat-cve
collector/nvd-index
agent/type
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-22825
agent/remedy
agent/severity
agent/description
agent/weakness
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/libexpat project
canonical/libexpat project libexpat
vendor/tenable
canonical/tenable nessus
version/tenable nessus/10.0.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
version/debian debian linux/11.0
vendor/siemens
canonical/siemens sinema remote connect server
package-manager/debian