Integer Overflow in Expat Library Affects Multiple Applications
CVE-2022-22823

9.8CRITICAL

Key Information:

Vendor
Libexpat Project
Status
Libexpat
Vendor
CVE Published:
10 January 2022

Summary

The Expat library, also known as libexpat, before version 2.4.3 is affected by an integer overflow in the build_model function within xmlparse.c. This vulnerability may allow an attacker to exploit the overflow in various applications using this library, potentially leading to unexpected behavior or application crashes. It is essential for users to update to the latest version to mitigate risks associated with this security flaw.

References

https://github.com/libexpat/libexpat/pull/539
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/17/3
mailing-listx_refsource_MLIST
https://www.tenable.com/security/tns-2022-05
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.