First published: Sat Jan 08 2022
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to an integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
redhat/xmlrpc-c | <0:1.51.0-8.el8 | 0:1.51.0-8.el8 |
Libexpat Project Libexpat | <2.4.3 | |
Tenable Nessus | <8.15.3 | |
Tenable Nessus | >=10.0.0 <10.1.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
redhat/expat | <2.4.3 | 2.4.3 |
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1 2.5.0-1+deb12u1 2.6.3-2 |
The vulnerability ID is CVE-2022-22826.
The severity of CVE-2022-22826 is high (8.8).
The affected software includes Expat (libexpat) versions before 2.4.3, and some specific versions of Red Hat, Ubuntu, Debian, Firefox, libxmltok, Thunderbird, Nessus, and Siemens SINEMA Remote Connect Server.
The vulnerability can be exploited when processing a large number of prefixed XML attributes on a single tag, which can lead to unexpected termination due to integer overflow.
To fix CVE-2022-22826, update Expat (libexpat) to version 2.4.3 or apply the appropriate remedy for the specific affected software versions.