CVE-2022-25236 – expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. El archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, permite a atacantes insertar caracteres separadores de espacios de nombres en URIs de espacios de nombres A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor. • http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2022/02/19/1 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/561 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU https://lists.fedoraproject.org/archives/list/package- • CWE-179: Incorrect Behavior Order: Early Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-23990 – expat: integer overflow in the doProlog function
https://notcve.org/view.php?id=CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros en la función doProlog A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service. • https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/551 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.oracle.com/security-alerts/cpuapr2022.html https://www. • CWE-190: Integer Overflow or Wraparound •
CVE-2022-23852 – expat: Integer overflow in function XML_GetBuffer
https://notcve.org/view.php?id=CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros con signo en la función XML_GetBuffer, para configuraciones con un XML_CONTEXT_BYTES no nulo expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/550 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220217-0001 https://www.debian.org/security/2022/dsa-5073 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-23852 https& • CWE-190: Integer Overflow or Wraparound •
CVE-2022-22822 – expat: Integer overflow in addBinding in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función addBinding en el archivo xmlparse.c en Expat (también se conoce como libexpat) antes de 2.4.3 presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22822 https://bugzilla.redhat.com/show_bug.cgi?id=2044457 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-22823 – expat: Integer overflow in build_model in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. la función build_model en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/539 https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-22823 https://bugzilla.redhat.com/show_bug.cgi?id=2044464 • CWE-190: Integer Overflow or Wraparound •