Integer Overflow in Expat Affecting Multiple Platforms
CVE-2022-22824

9.8CRITICAL

Key Information:

Vendor

Libexpat Project

Status
Libexpat
Vendor
CVE Published:
10 January 2022

What is CVE-2022-22824?

The Expat XML parser library suffers from an integer overflow vulnerability in the defineAttribute function within the xmlparse.c file. This issue occurs before version 2.4.3, potentially allowing attackers to exploit the vulnerability for various types of attacks on applications that rely on this library for XML parsing. It is recommended that users upgrade to version 2.4.3 or later to mitigate any risks associated with this vulnerability.

References

https://github.com/libexpat/libexpat/pull/539
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/17/3
mailing-listx_refsource_MLIST
https://www.tenable.com/security/tns-2022-05
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.