Latest libexpat project libexpat Vulnerabilities

CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Libexpat Project Libexpat<=2.5.0
ubuntu/expat<2.4.7-1ubuntu0.3
ubuntu/expat<2.5.0-2ubuntu0.1
ubuntu/expat<2.6.0-1
debian/expat<=2.2.6-2+deb10u4<=2.2.10-2+deb11u5<=2.5.0-1<=2.5.0-2
CVE-2022-43680
Apache OpenOffice: "Use after free" fixed in libexpat
debian/expat<=2.2.6-2+deb10u4
debian/expat<=2.2.10-2<=2.4.9-1
redhat/expat<0:2.2.5-10.el8_7.1
redhat/expat<0:2.4.9-1.el9_1.1
redhat/expat<2.5.0
Google Android
and 33 more
CVE-2022-40674
A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by...
redhat/expat<0:2.0.1-15.el6_10
redhat/compat-expat1<0:1.95.8-9.el6_10
redhat/expat<0:2.1.0-15.el7_9
redhat/firefox<0:102.3.0-7.el7_9
redhat/thunderbird<0:102.3.0-4.el7_9
redhat/thunderbird<0:102.3.0-4.el8_6
and 29 more
CVE-2022-25313
A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.
redhat/expat<2.4.5
redhat/mingw-expat<0:2.4.8-1.el8
redhat/expat<0:2.2.5-8.el8_6.2
redhat/expat<0:2.2.10-12.el9_0.2
debian/expat
Libexpat Project Libexpat<2.4.5
and 8 more
CVE-2022-25314
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Google Android
Libexpat Project Libexpat<2.4.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 8 more
CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
redhat/expat<2.4.5
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
and 23 more
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 47 more
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 40 more
CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
redhat/mingw-expat<0:2.4.8-1.el8
Libexpat Project Libexpat<2.4.4
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
Oracle Communications Metasolv Solution=6.3.1
Debian Debian Linux=10.0
and 22 more
CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/expat<0:2.2.5-4.el8_4.3
Libexpat Project Libexpat<2.4.4
NetApp Clustered Data ONTAP
NetApp OnCommand Workflow Automation
and 23 more
CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 30 more
CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
debian/expat<=2.4.2-1<=2.2.6-2+deb10u1<=2.2.6-2<=2.2.10-2
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
and 32 more
CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 30 more
CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 30 more
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 30 more
CVE-2022-22827
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
Libexpat Project Libexpat<2.4.3
Tenable Nessus<8.15.3
Tenable Nessus>=10.0.0<10.1.1
and 30 more
CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
redhat/xmlrpc-c<0:1.51.0-8.el8
redhat/expat<2.4.3
debian/expat
Libexpat Project Libexpat<2.4.3
and 33 more
CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memor...
redhat/expat<0:2.1.0-14.el7_9
redhat/expat<0:2.2.5-4.el8_5.3
debian/expat<=2.2.6-2<=2.2.10-2<=2.2.6-2+deb10u1<=2.4.2-1
redhat/expat<2.4.3
debian/expat
Libexpat Project Libexpat<2.4.3
and 30 more
CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnN...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 91 more
CVE-2018-20843
libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cons...
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
and 52 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203