CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

On systems where large integers are used this can result in a denial of service. Unfortunately no fix has been published yet.

This issue was reported by Julien Vary. Thanks to Julien Vary for reporting this issue. This issue has been fixed in the upstream libexpat. On systems where large integers are used this can result in a denial of service. Unfortunately no fix has been published yet.This issue was reported by Julien Vary. Thanks to Julien Vary for reporting this issue. libexpat before 2.4.3 did not sufficiently sanitize user-provided input before passing it to XmlNode. This can result in a denial of service when a malicious user supplies a crafted XmlNode with a large integer value as the node data. This issue has been fixed in the upstream libexpat. For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u2. For the stable distribution (stretch), this problem has been fixed in version 2.5.2-1. libexpat before 2.4.3 did not sufficiently sanitize user-provided input before passing it to XmlNode. This can result in a denial of service when a malicious user supplies a crafted XmlNode with a large integer value as the node data. This issue has been fixed in the upstream libexpat. For the oldstable distribution (jessie),

CVE-2019-6238

The issue was fixed in the upstream libexpat.

Timeline

Published on: 01/10/2022 14:12:00 UTC
Last modified on: 06/14/2022 11:15:00 UTC

References