CVE-2022-22826: Integer Overflow
First published: Mon Jan 10 2022(Updated: )
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
| redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
| redhat/xmlrpc-c | <0:1.51.0-8.el8 | 0:1.51.0-8.el8 |
| Libexpat Project Libexpat | <2.4.3 | |
| Tenable Nessus | <8.15.3 | |
| Tenable Nessus | >=10.0.0<10.1.1 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Siemens SINEMA Remote Connect Server | <3.1 | |
| redhat/expat | <2.4.3 | 2.4.3 |
| debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u7 2.2.10-2+deb11u5 2.5.0-1 2.6.2-1 | |
| ubuntu/expat | <2.2.5-3ubuntu0.4 | 2.2.5-3ubuntu0.4 |
| ubuntu/expat | <2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.2 |
| ubuntu/expat | <2.4.1-2ubuntu0.1 | 2.4.1-2ubuntu0.1 |
| ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
| ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
| ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
| ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
| ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
| ubuntu/expat | <2.1.0-4ubuntu1.4+ | 2.1.0-4ubuntu1.4+ |
| ubuntu/expat | <2.1.0-7ubuntu0.16.04.5+ | 2.1.0-7ubuntu0.16.04.5+ |
| ubuntu/firefox | <98.0+ | 98.0+ |
| ubuntu/firefox | <98.0+ | 98.0+ |
| ubuntu/firefox | <98.0+ | 98.0+ |
| ubuntu/firefox | <1:1 | 1:1 |
| ubuntu/firefox | <1:1 | 1:1 |
| ubuntu/firefox | <1:1 | 1:1 |
| ubuntu/firefox | <1:1 | 1:1 |
| ubuntu/firefox | <1:1 | 1:1 |
| ubuntu/firefox | <98 | 98 |
| ubuntu/libxmltok | <1.2-4ubuntu0.18.04.1~ | 1.2-4ubuntu0.18.04.1~ |
| ubuntu/libxmltok | <1.2-4ubuntu0.20.04.1~ | 1.2-4ubuntu0.20.04.1~ |
| ubuntu/libxmltok | <1.2-4ubuntu0.22.04.1~ | 1.2-4ubuntu0.22.04.1~ |
| ubuntu/libxmltok | <1.2-3ubuntu0.16.04.1~ | 1.2-3ubuntu0.16.04.1~ |
| ubuntu/thunderbird | <1:91.11.0+ | 1:91.11.0+ |
| ubuntu/thunderbird | <1:91.11.0+ | 1:91.11.0+ |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 https://github.com/libexpat/libexpat/pull/539
- https://bugzilla.redhat.com/show_bug.cgi?id=2044484
- https://access.redhat.com/errata/RHSA-2022:1069
- https://access.redhat.com/errata/RHSA-2022:0951
- https://access.redhat.com/errata/RHSA-2022:7692
- https://access.redhat.com/errata/RHSA-2022:7144
- https://access.redhat.com/security/cve/cve-2022-22826
- http://www.openwall.com/lists/oss-security/2022/01/17/3
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://github.com/libexpat/libexpat/pull/539
- https://security.gentoo.org/glsa/202209-24
- https://www.debian.org/security/2022/dsa-5073
- https://www.tenable.com/security/tns-2022-05
- https://launchpad.net/bugs/cve/CVE-2022-22826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044485
- https://access.redhat.com/errata/RHSA-2022:7143
- https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e
- https://security-tracker.debian.org/tracker/CVE-2022-22826
- https://ubuntu.com/security/notices/USN-5288-1
- https://ubuntu.com/security/notices/USN-5455-1
- https://www.cve.org/CVERecord?id=CVE-2022-22826
- https://nvd.nist.gov/vuln/detail/CVE-2022-22826
- https://hg.mozilla.org/releases/mozilla-release/rev/1b20c84cd140d14859be41e1715ff886ac301836
- https://ubuntu.com/security/CVE-2022-22826
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-22826.
What is the severity of CVE-2022-22826?
The severity of CVE-2022-22826 is high (8.8).
What is the affected software?
The affected software includes Expat (libexpat) versions before 2.4.3, and some specific versions of Red Hat, Ubuntu, Debian, Firefox, libxmltok, Thunderbird, Nessus, and Siemens SINEMA Remote Connect Server.
How can the vulnerability be exploited?
The vulnerability can be exploited when processing a large number of prefixed XML attributes on a single tag, which can lead to unexpected termination due to integer overflow.
How do I fix CVE-2022-22826?
To fix CVE-2022-22826, update Expat (libexpat) to version 2.4.3 or apply the appropriate remedy for the specific affected software versions.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-22826
- agent/references
- agent/remedy
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/libexpat project
- canonical/libexpat project libexpat
- vendor/tenable
- canonical/tenable nessus
- version/tenable nessus/10.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/siemens
- canonical/siemens sinema remote connect server
- package-manager/debian
- package-manager/ubuntu