CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 2CVE-2022-25313 – expat: Stack exhaustion in doctype parsing
https://notcve.org/view.php?id=CVE-2022-25313
18 Feb 2022 — In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. En Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, un atacante puede desencadenar un agotamiento de pila en build_model por medio de una gran profundidad de anidamiento en el elemento DTD A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of serv... • https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-25313 • CWE-674: Uncontrolled Recursion CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 11%CPEs: 9EXPL: 1CVE-2022-25235 – expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25235
16 Feb 2022 — xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. El archivo xmltok_impl.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, carece de determinada comprobación de codificación, como comprueba si un carácter UTF-8 es válido en un determinado contexto A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML pr... • https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-25235 • CWE-116: Improper Encoding or Escaping of Output CWE-838: Inappropriate Encoding for Output Context •
CVSS: 9.8EPSS: 7%CPEs: 7EXPL: 2CVE-2022-25236 – expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25236
16 Feb 2022 — xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. El archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, permite a atacantes insertar caracteres separadores de espacios de nombres en URIs de espacios de nombres A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor on top o... • https://packetstorm.news/files/id/167238 • CWE-179: Incorrect Behavior Order: Early Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 1CVE-2022-23990 – expat: integer overflow in the doProlog function
https://notcve.org/view.php?id=CVE-2022-23990
26 Jan 2022 — Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros en la función doProlog A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service. Red... • https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23990 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2022-23852 – expat: Integer overflow in function XML_GetBuffer
https://notcve.org/view.php?id=CVE-2022-23852
24 Jan 2022 — Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros con signo en la función XML_GetBuffer, para configuraciones con un XML_CONTEXT_BYTES no nulo expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can ... • https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23852 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2022-22822 – expat: Integer overflow in addBinding in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22822
08 Jan 2022 — addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función addBinding en el archivo xmlparse.c en Expat (también se conoce como libexpat) antes de 2.4.3 presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability ... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2022-22822toCVE-2022-22827 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22823 – expat: Integer overflow in build_model in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22823
08 Jan 2022 — build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función build_model en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerabilit... • http://www.openwall.com/lists/oss-security/2022/01/17/3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22824 – expat: Integer overflow in defineAttribute in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22824
08 Jan 2022 — defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función defineAttribute en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vuln... • http://www.openwall.com/lists/oss-security/2022/01/17/3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22825 – expat: Integer overflow in lookup in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22825
08 Jan 2022 — lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función lookup en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to av... • http://www.openwall.com/lists/oss-security/2022/01/17/3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22826 – expat: Integer overflow in nextScaffoldPart in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22826
08 Jan 2022 — nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función nextScaffoldPart en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vu... • http://www.openwall.com/lists/oss-security/2022/01/17/3 • CWE-190: Integer Overflow or Wraparound •