CWE-416

CVE-2022-40674: Use After Free

First published: Wed Sep 14 2022

A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash. In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by Linux distributions may have other settings.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| redhat/expat | <0:2.0.1-15.el6_10 | 0:2.0.1-15.el6_10 |
| redhat/compat-expat1 | <0:1.95.8-9.el6_10 | 0:1.95.8-9.el6_10 |
| redhat/expat | <0:2.1.0-15.el7_9 | 0:2.1.0-15.el7_9 |
| redhat/firefox | <0:102.3.0-7.el7_9 | 0:102.3.0-7.el7_9 |
| redhat/thunderbird | <0:102.3.0-4.el7_9 | 0:102.3.0-4.el7_9 |
| redhat/thunderbird | <0:102.3.0-4.el8_6 | 0:102.3.0-4.el8_6 |
| redhat/firefox | <0:102.3.0-7.el8_6 | 0:102.3.0-7.el8_6 |
| redhat/mingw-expat | <0:2.4.8-2.el8 | 0:2.4.8-2.el8 |
| redhat/expat | <0:2.2.5-8.el8_6.3 | 0:2.2.5-8.el8_6.3 |
| redhat/firefox | <0:102.3.0-7.el8_1 | 0:102.3.0-7.el8_1 |
| redhat/thunderbird | <0:102.3.0-4.el8_1 | 0:102.3.0-4.el8_1 |
| redhat/expat | <0:2.2.5-3.el8_1.2 | 0:2.2.5-3.el8_1.2 |
| redhat/thunderbird | <0:102.3.0-4.el8_2 | 0:102.3.0-4.el8_2 |
| redhat/firefox | <0:102.3.0-7.el8_2 | 0:102.3.0-7.el8_2 |
| redhat/expat | <0:2.2.5-3.el8_2.3 | 0:2.2.5-3.el8_2.3 |
| redhat/thunderbird | <0:102.3.0-4.el8_4 | 0:102.3.0-4.el8_4 |
| redhat/firefox | <0:102.3.0-7.el8_4 | 0:102.3.0-7.el8_4 |
| redhat/expat | <0:2.2.5-4.el8_4.4 | 0:2.2.5-4.el8_4.4 |
| redhat/expat | <0:2.2.10-12.el9_0.3 | 0:2.2.10-12.el9_0.3 |
| redhat/firefox | <0:102.3.0-7.el9_0 | 0:102.3.0-7.el9_0 |
| redhat/thunderbird | <0:102.3.0-4.el9_0 | 0:102.3.0-4.el9_0 |
| Libexpat Project Libexpat | <2.4.9 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| debian/expat | <=2.2.10-2, <=2.2.10-2+deb11u3, <=2.4.8-1 | 2.4.8-2, 2.2.10-2+deb11u4 |
| redhat/expat | <2.4.9 | 2.4.9 |
| Mozilla Firefox | <107 | 107 |
| | <107 | 107 |
| IBM Security Guardium | <=11.3 | |
| IBM Security Guardium | <=11.4 | |
| IBM Security Guardium | <=11.5 | |
| debian/expat | <=2.2.6-2+deb10u4 | 2.2.6-2+deb10u6, 2.2.10-2+deb11u5, 2.5.0-1, 2.5.0-2 |

Remedy

There is no known mitigation other than restricting applications using the expat library from processing XML content. Please update the affected packages as soon as possible.

Frequently Asked Questions

  • What is CVE-2022-40674?

    CVE-2022-40674 is a use-after-free vulnerability in the doContent function in xmlparse.c, affecting libexpat before 2.4.9.

  • What is the severity of CVE-2022-40674?

    CVE-2022-40674 has a severity rating of 8.1 (high).

  • How does CVE-2022-40674 impact the affected software?

    CVE-2022-40674 affects the expat package versions 2.4.8-2 and 2.2.10-2+deb11u4 in Debian, as well as other Red Hat packages such as thunderbird and firefox.

  • Is there a fix available for CVE-2022-40674?

    Yes, there are fixes available for CVE-2022-40674. For Debian, updating to version 2.4.9 or higher of the expat package is recommended. Red Hat provides specific version updates for the affected packages.

  • Where can I find more information about CVE-2022-40674?

    You can find more information about CVE-2022-40674 in the bugzilla.mozilla.org and mozilla.org security advisories, as well as in the GitHub pull request related to the vulnerability.
