First published: Fri Feb 18 2022
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <2.4.5 | 2.4.5 |
redhat/expat | <0:2.0.1-14.el6_10 | 0:2.0.1-14.el6_10 |
redhat/firefox | <0:91.7.0-3.el7_9 | 0:91.7.0-3.el7_9 |
redhat/thunderbird | <0:91.7.0-2.el7_9 | 0:91.7.0-2.el7_9 |
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/firefox | <0:91.7.0-3.el8_5 | 0:91.7.0-3.el8_5 |
redhat/thunderbird | <0:91.7.0-2.el8_5 | 0:91.7.0-2.el8_5 |
redhat/mingw-expat | <0:2.4.8-1.el8 | 0:2.4.8-1.el8 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
redhat/firefox | <0:91.7.0-3.el8_1 | 0:91.7.0-3.el8_1 |
redhat/thunderbird | <0:91.7.0-2.el8_1 | 0:91.7.0-2.el8_1 |
redhat/expat | <0:2.2.5-3.el8_1.1 | 0:2.2.5-3.el8_1.1 |
redhat/firefox | <0:91.7.0-3.el8_2 | 0:91.7.0-3.el8_2 |
redhat/thunderbird | <0:91.7.0-2.el8_2 | 0:91.7.0-2.el8_2 |
redhat/expat | <0:2.2.5-3.el8_2.2 | 0:2.2.5-3.el8_2.2 |
redhat/firefox | <0:91.7.0-3.el8_4 | 0:91.7.0-3.el8_4 |
redhat/thunderbird | <0:91.7.0-2.el8_4 | 0:91.7.0-2.el8_4 |
redhat/expat | <0:2.2.5-4.el8_4.2 | 0:2.2.5-4.el8_4.2 |
redhat/redhat-virtualization-host | <0:4.3.22-20220330.1.el7_9 | 0:4.3.22-20220330.1.el7_9 |
debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u6 2.2.10-2+deb11u5 2.5.0-1 2.5.0-2 | |
Libexpat Project Libexpat | <2.4.5 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Oracle HTTP Server | =12.2.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.
CVE-2022-25315 is a vulnerability in Expat (aka libexpat) before version 2.4.5, which allows for an integer overflow in storeRawNames.
The severity of CVE-2022-25315 is critical with a CVSS score of 9.8.
CVE-2022-25315 occurs in Expat's storeRawNames() function: the m_buffer expansion logic can be abused to allow allocations very close to INT_MAX and out-of-bounds heap writes.
The software affected by CVE-2022-25315 includes Expat versions before 2.4.5, as well as various versions of Firefox and Thunderbird.
To fix CVE-2022-25315, it is recommended to update to Expat version 2.4.5 or apply the appropriate patches provided by the software vendors.
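One way to apply the thresholds from the table during triage, as an added example (not code from this advisory, Red Hat or the Expat project): it shows that a distribution build such as 0:2.2.5-4.el8_5.3 is listed as fixed even though it is below the upstream 2.4.5 threshold, so each package must be compared against its own stream's fixed build. The function names are assumptions, and `vercmp` is a simplified stand-in for RPM's version comparison.

```python
import re

# Fixed expat builds per RHEL stream, copied from the "How to fix" column above.
FIXED_EXPAT = {
    "el6_10": "0:2.0.1-14.el6_10",
    "el7_9": "0:2.1.0-14.el7_9",
    "el8_1": "0:2.2.5-3.el8_1.1",
    "el8_2": "0:2.2.5-3.el8_2.2",
    "el8_4": "0:2.2.5-4.el8_4.2",
    "el8_5": "0:2.2.5-4.el8_5.3",
}
UPSTREAM_FIXED = "2.4.5"

def _segments(s):
    # Runs of digits or letters; every other character is only a separator.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    # "epoch:version-release"; a missing epoch counts as 0.
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return vercmp(va, vb) or vercmp(ra, rb)

def upstream_vulnerable(version):
    """Upstream libexpat releases only: affected when version < 2.4.5."""
    return vercmp(version, UPSTREAM_FIXED) < 0

def rhel_status(installed_evr):
    """'patched', 'vulnerable', or 'unknown' when the stream is not in the table."""
    tag = re.search(r"el[0-9]+(?:_[0-9]+)?", split_evr(installed_evr)[2])
    fixed = FIXED_EXPAT.get(tag.group(0)) if tag else None
    if fixed is None:
        return "unknown"
    return "patched" if evr_cmp(installed_evr, fixed) >= 0 else "vulnerable"
```

A stream that is not in the table returns "unknown" rather than a guess; resolve those against the vendor's own advisory.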