Integer Overflow Vulnerability in Expat XML Parsing Library
CVE-2022-22825

8.8HIGH

Key Information:

Vendor

Libexpat Project

Status
Libexpat
Vendor
CVE Published:
10 January 2022

What is CVE-2022-22825?

The Expat XML parsing library before version 2.4.3 contains a vulnerability due to an integer overflow in the xmlparse.c file. This flaw may permit attackers to exploit the library's XML parsing functionality, potentially leading to unexpected behaviors or crashes. It is crucial for users of affected versions to update to ensure their systems remain secure against these types of vulnerabilities.

References

https://github.com/libexpat/libexpat/pull/539
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/17/3
mailing-listx_refsource_MLIST
https://www.tenable.com/security/tns-2022-05
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.