First published: Wed Sep 14 2022(Updated: )
A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by Linux distributions may have other settings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.0.1-15.el6_10 | 0:2.0.1-15.el6_10 |
redhat/compat-expat1 | <0:1.95.8-9.el6_10 | 0:1.95.8-9.el6_10 |
redhat/expat | <0:2.1.0-15.el7_9 | 0:2.1.0-15.el7_9 |
redhat/firefox | <0:102.3.0-7.el7_9 | 0:102.3.0-7.el7_9 |
redhat/thunderbird | <0:102.3.0-4.el7_9 | 0:102.3.0-4.el7_9 |
redhat/thunderbird | <0:102.3.0-4.el8_6 | 0:102.3.0-4.el8_6 |
redhat/firefox | <0:102.3.0-7.el8_6 | 0:102.3.0-7.el8_6 |
redhat/mingw-expat | <0:2.4.8-2.el8 | 0:2.4.8-2.el8 |
redhat/expat | <0:2.2.5-8.el8_6.3 | 0:2.2.5-8.el8_6.3 |
redhat/firefox | <0:102.3.0-7.el8_1 | 0:102.3.0-7.el8_1 |
redhat/thunderbird | <0:102.3.0-4.el8_1 | 0:102.3.0-4.el8_1 |
redhat/expat | <0:2.2.5-3.el8_1.2 | 0:2.2.5-3.el8_1.2 |
redhat/thunderbird | <0:102.3.0-4.el8_2 | 0:102.3.0-4.el8_2 |
redhat/firefox | <0:102.3.0-7.el8_2 | 0:102.3.0-7.el8_2 |
redhat/expat | <0:2.2.5-3.el8_2.3 | 0:2.2.5-3.el8_2.3 |
redhat/thunderbird | <0:102.3.0-4.el8_4 | 0:102.3.0-4.el8_4 |
redhat/firefox | <0:102.3.0-7.el8_4 | 0:102.3.0-7.el8_4 |
redhat/expat | <0:2.2.5-4.el8_4.4 | 0:2.2.5-4.el8_4.4 |
redhat/expat | <0:2.2.10-12.el9_0.3 | 0:2.2.10-12.el9_0.3 |
redhat/firefox | <0:102.3.0-7.el9_0 | 0:102.3.0-7.el9_0 |
redhat/thunderbird | <0:102.3.0-4.el9_0 | 0:102.3.0-4.el9_0 |
Libexpat Project Libexpat | <2.4.9 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
debian/expat | <=2.2.10-2<=2.2.10-2+deb11u3<=2.4.8-1 | 2.4.8-2 2.2.10-2+deb11u4 |
redhat/expat | <2.4.9 | 2.4.9 |
Mozilla Firefox | <107 | 107 |
<107 | 107 | |
IBM BM Security Guardium | <=11.3 | |
IBM Security Guardium | <=11.4 | |
IBM Security Guardium | <=11.5 | |
debian/expat | <=2.2.6-2+deb10u4 | 2.2.6-2+deb10u6 2.2.10-2+deb11u5 2.5.0-1 2.5.0-2 |
There is no known mitigation other than restricting applications using the expat library from processing XML content. Please update the affected packages as soon as possible.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2022-40674 is a vulnerability in libexpat before 2.4.9 that allows for a use-after-free vulnerability in the doContent function in xmlparse.c.
CVE-2022-40674 has a severity rating of 8.1 (high).
CVE-2022-40674 affects the expat package versions 2.4.8-2 and 2.2.10-2+deb11u4 in Debian, as well as other Red Hat packages such as thunderbird and firefox.
Yes, there are fixes available for CVE-2022-40674. For Debian, updating to version 2.4.9 or higher of the expat package is recommended. Red Hat provides specific version updates for the affected packages.
You can find more information about CVE-2022-40674 in the bugzilla.mozilla.org and mozilla.org security advisories, as well as in the GitHub pull request related to the vulnerability.