First published: Wed Jan 26 2022(Updated: )
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/mingw-expat | <0:2.4.8-1.el8 | 0:2.4.8-1.el8 |
Libexpat Project Libexpat | <2.4.4 | |
Tenable Nessus | <8.15.3 | |
Tenable Nessus | >=10.0.0<10.1.1 | |
Oracle Communications Metasolv Solution | =6.3.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
Google Android | ||
redhat/expat | <2.4.4 | 2.4.4 |
debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u7 2.2.10-2+deb11u5 2.5.0-1 2.6.2-1 | |
ubuntu/expat | <2.2.5-3ubuntu0.4 | 2.2.5-3ubuntu0.4 |
ubuntu/expat | <2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.2 |
ubuntu/expat | <2.4.1-2ubuntu0.1 | 2.4.1-2ubuntu0.1 |
ubuntu/expat | <2.4.3-3 | 2.4.3-3 |
ubuntu/expat | <2.4.3-3 | 2.4.3-3 |
ubuntu/expat | <2.4.3-3 | 2.4.3-3 |
ubuntu/expat | <2.4.3-3 | 2.4.3-3 |
ubuntu/expat | <2.4.3-3 | 2.4.3-3 |
ubuntu/expat | <2.1.0-4ubuntu1.4+ | 2.1.0-4ubuntu1.4+ |
ubuntu/expat | <2.1.0-7ubuntu0.16.04.5+ | 2.1.0-7ubuntu0.16.04.5+ |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
https://github.com/libexpat/libexpat/pull/551/commits/ede41d1e186ed2aba88a06e84cac839b770af3a1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this vulnerability is CVE-2022-23990.
The severity of CVE-2022-23990 is high with a severity value of 7.5.
The affected software of CVE-2022-23990 includes expat, mingw-expat, Ubuntu expat, Firefox, Debian expat, Tenable Nessus, Oracle Communications Metasolv Solution, Google Android, Siemens SINEMA Remote Connect Server, and Fedora.
To fix CVE-2022-23990 on Red Hat, update expat to version 2.4.4 or later.
Yes, you can find references for CVE-2022-23990 at the following links: [GitHub](https://github.com/libexpat/libexpat/pull/551), [Red Hat Bugzilla 1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2050215), [Red Hat Bugzilla 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2050214).