CWE: 190, 787

CVE-2022-25315: Integer Overflow

First published: Fri Feb 18 2022

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/expat | <2.4.5 | 2.4.5 |
| redhat/expat | <0:2.0.1-14.el6_10 | 0:2.0.1-14.el6_10 |
| redhat/firefox | <0:91.7.0-3.el7_9 | 0:91.7.0-3.el7_9 |
| redhat/thunderbird | <0:91.7.0-2.el7_9 | 0:91.7.0-2.el7_9 |
| redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
| redhat/firefox | <0:91.7.0-3.el8_5 | 0:91.7.0-3.el8_5 |
| redhat/thunderbird | <0:91.7.0-2.el8_5 | 0:91.7.0-2.el8_5 |
| redhat/mingw-expat | <0:2.4.8-1.el8 | 0:2.4.8-1.el8 |
| redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
| redhat/firefox | <0:91.7.0-3.el8_1 | 0:91.7.0-3.el8_1 |
| redhat/thunderbird | <0:91.7.0-2.el8_1 | 0:91.7.0-2.el8_1 |
| redhat/expat | <0:2.2.5-3.el8_1.1 | 0:2.2.5-3.el8_1.1 |
| redhat/firefox | <0:91.7.0-3.el8_2 | 0:91.7.0-3.el8_2 |
| redhat/thunderbird | <0:91.7.0-2.el8_2 | 0:91.7.0-2.el8_2 |
| redhat/expat | <0:2.2.5-3.el8_2.2 | 0:2.2.5-3.el8_2.2 |
| redhat/firefox | <0:91.7.0-3.el8_4 | 0:91.7.0-3.el8_4 |
| redhat/thunderbird | <0:91.7.0-2.el8_4 | 0:91.7.0-2.el8_4 |
| redhat/expat | <0:2.2.5-4.el8_4.2 | 0:2.2.5-4.el8_4.2 |
| redhat/redhat-virtualization-host | <0:4.3.22-20220330.1.el7_9 | 0:4.3.22-20220330.1.el7_9 |
| debian/expat | | 2.2.6-2+deb10u4, 2.2.6-2+deb10u6, 2.2.10-2+deb11u5, 2.5.0-1, 2.5.0-2 |
| Libexpat Project Libexpat | <2.4.5 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Oracle HTTP Server | =12.2.1.3.0 | |
| Oracle HTTP Server | =12.2.1.4.0 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Siemens SINEMA Remote Connect Server | <3.1 | |

Remedy

There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.

Frequently Asked Questions

  • What is CVE-2022-25315?

    CVE-2022-25315 is a vulnerability in Expat (aka libexpat) before version 2.4.5, which allows for an integer overflow in storeRawNames.

  • What is the severity of CVE-2022-25315?

    The severity of CVE-2022-25315 is critical with a CVSS score of 9.8.

  • How does CVE-2022-25315 occur?

    CVE-2022-25315 occurs in Expat through the function storeRawNames(), by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes.

  • What are the affected software versions of CVE-2022-25315?

    The affected software versions of CVE-2022-25315 include Expat versions before 2.4.5, as well as various versions of Firefox and Thunderbird.

  • How can CVE-2022-25315 be fixed?

    To fix CVE-2022-25315, it is recommended to update to Expat version 2.4.5 or apply the appropriate patches provided by the software vendors.
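
The FAQ answer on how the issue occurs describes a size computation that can approach INT_MAX and then drive an out-of-bounds heap write (CWE-190 leading to CWE-787). The following added example, which is not libexpat's source, models that class of bug with a hardened buffer-growth routine; the struct, the function names and the assumption that two `int` lengths are summed are all hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parser's per-tag buffer; not libexpat's struct. */
struct tag_buf { char *buf; size_t cap; };

/* Store a + b in *out and return 1, or return 0 if the sum exceeds INT_MAX. */
int checked_add_int(int a, int b, int *out) {
    if (a < 0 || b < 0 || a > INT_MAX - b) return 0;
    *out = a + b;
    return 1;
}

/* Value an unchecked int sum would wrap to. Done in unsigned arithmetic so the
 * wrap is well defined here, then mapped to the signed value a caller sees. */
long long wrapped_sum(int a, int b) {
    unsigned int u = (unsigned int)a + (unsigned int)b;
    return u > (unsigned int)INT_MAX ? (long long)u - ((long long)UINT_MAX + 1)
                                     : (long long)u;
}

/* Hardened store: validate the combined length before sizing the buffer. */
int store_names(struct tag_buf *t, const char *name, int name_len,
                const char *raw, int raw_len) {
    int need;
    if (!checked_add_int(name_len, raw_len, &need)) return 0; /* reject */
    if (need == 0) return 1;
    if ((size_t)need > t->cap) {
        char *tmp = realloc(t->buf, (size_t)need);
        if (tmp == NULL) return 0;       /* old buffer is still valid */
        t->buf = tmp;
        t->cap = (size_t)need;
    }
    memcpy(t->buf, name, (size_t)name_len);
    memcpy(t->buf + name_len, raw, (size_t)raw_len);
    return 1;
}

int main(void) {
    struct tag_buf t = { NULL, 0 };
    printf("normal store: %d\n", store_names(&t, "ab", 2, "cde", 3));
    /* Constructed lengths only; the pointers are never read when rejected. */
    printf("oversized store: %d\n", store_names(&t, "ab", INT_MAX, "cde", 16));
    printf("unchecked sum would be: %lld\n", wrapped_sum(INT_MAX, 16));
    free(t.buf);
    return 0;
}
```

Without the check, the wrapped sum is negative or small, so the buffer is undersized while the copies still use the original lengths.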
