First published: Wed Feb 16 2022
A flaw was found in expat. Passing one or more namespace separator characters in "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor running on top of expat. Depending on how that XML processor handles the unexpected names, this issue can lead to arbitrary code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.0.1-14.el6_10 | 0:2.0.1-14.el6_10 |
redhat/firefox | <0:91.7.0-3.el7_9 | 0:91.7.0-3.el7_9 |
redhat/thunderbird | <0:91.7.0-2.el7_9 | 0:91.7.0-2.el7_9 |
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/firefox | <0:91.7.0-3.el8_5 | 0:91.7.0-3.el8_5 |
redhat/thunderbird | <0:91.7.0-2.el8_5 | 0:91.7.0-2.el8_5 |
redhat/mingw-expat | <0:2.4.8-1.el8 | 0:2.4.8-1.el8 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
redhat/firefox | <0:91.7.0-3.el8_1 | 0:91.7.0-3.el8_1 |
redhat/thunderbird | <0:91.7.0-2.el8_1 | 0:91.7.0-2.el8_1 |
redhat/expat | <0:2.2.5-3.el8_1.1 | 0:2.2.5-3.el8_1.1 |
redhat/firefox | <0:91.7.0-3.el8_2 | 0:91.7.0-3.el8_2 |
redhat/thunderbird | <0:91.7.0-2.el8_2 | 0:91.7.0-2.el8_2 |
redhat/expat | <0:2.2.5-3.el8_2.2 | 0:2.2.5-3.el8_2.2 |
redhat/firefox | <0:91.7.0-3.el8_4 | 0:91.7.0-3.el8_4 |
redhat/thunderbird | <0:91.7.0-2.el8_4 | 0:91.7.0-2.el8_4 |
redhat/expat | <0:2.2.5-4.el8_4.2 | 0:2.2.5-4.el8_4.2 |
redhat/redhat-virtualization-host | <0:4.3.22-20220330.1.el7_9 | 0:4.3.22-20220330.1.el7_9 |
Libexpat Project Libexpat | <2.4.5 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Oracle HTTP Server | =12.2.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
redhat/expat | <2.4.5 | 2.4.5 |
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1 |
There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.
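The following is an added example, not code from the advisory or from the expat project: it shows a Python application on top of expat (via the standard `xml.parsers.expat` binding) failing closed on a malformed expanded name, plus a behavioural probe of whether the linked library itself rejects a separator inside an xmlns value. The separator choice, the function names and the sample documents are assumptions constructed for illustration, and the check complements updating the package rather than replacing it.

```python
from xml.parsers import expat

SEP = " "  # assumption: the application creates its parsers with this separator


def split_name(name, sep=SEP):
    """Split a name reported by expat into (uri, local), rejecting malformed ones.

    With namespace processing on (and triplets off, the default), expat reports
    "<uri><sep><local>"; more than one separator means the name is malformed.
    """
    parts = name.split(sep)
    if len(parts) == 1:
        return "", name  # element is in no namespace
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"malformed expanded name from parser: {name!r}")
    return parts[0], parts[1]


def parse_element_names(xml_bytes, sep=SEP):
    """Parse a document, returning a validated (uri, local) pair per element."""
    names = []
    parser = expat.ParserCreate(namespace_separator=sep)
    parser.StartElementHandler = lambda name, attrs: names.append(split_name(name, sep))
    parser.Parse(xml_bytes, True)
    return names


def library_rejects_separator_in_xmlns(sep=SEP):
    """Return True if the linked expat itself refuses a separator in an xmlns value."""
    doc = f'<r xmlns="urn:constructed{sep}x"/>'.encode()  # constructed sample
    try:
        parse_element_names(doc, sep)
    except expat.ExpatError:
        return True   # expat rejected the document itself
    except ValueError:
        return False  # expat passed the name through; split_name() caught it
    return False


if __name__ == "__main__":
    print("expat", expat.EXPAT_VERSION, "rejects separator in xmlns:",
          library_rejects_separator_in_xmlns())
    print(parse_element_names(b'<r xmlns="urn:constructed"><c/></r>'))
```

A behavioural probe is useful here because several fixed packages in the table above keep an upstream version number below 2.4.5 (for example 0:2.2.5-4.el8_5.3), so the reported library version alone does not show whether the fix is present.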
The vulnerability ID of this flaw in Expat is CVE-2022-25236.
The severity level of CVE-2022-25236 is critical.
The affected software of CVE-2022-25236 includes Expat (libexpat) versions before 2.4.5, Red Hat, Firefox, Thunderbird, mingw-expat, and others.
An attacker can exploit CVE-2022-25236 by passing namespace separator characters in the "xmlns[:prefix]" attribute values, causing expat to send malformed tag names to the XML processor.
You can find more information about CVE-2022-25236 at the following references: http://www.openwall.com/lists/oss-security/2022/02/19/1, https://github.com/libexpat/libexpat/pull/561, and https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2056371