// For flags

CVE-2022-43680

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucción excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions.

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-24 CVE Reserved
  • 2022-10-24 CVE Published
  • 2022-12-19 First Exploit
  • 2024-08-03 CVE Updated
  • 2025-04-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-416: Use After Free
CAPEC
References (19)
URL Tag Source
http://www.openwall.com/lists/oss-security/2023/12/28/5 Mailing List
http://www.openwall.com/lists/oss-security/2024/01/03/5 Mailing List
https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html Mailing List
https://security.netapp.com/advisory/ntap-20221118-0007 Third Party Advisory
URL Date SRC
https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-43680 2023-12-18
https://github.com/nidhihcl/external_expat_2.1.0_CVE-2022-43680 2022-12-19
https://github.com/libexpat/libexpat/issues/649 2024-08-03
https://github.com/libexpat/libexpat/pull/616 2024-08-03
https://github.com/libexpat/libexpat/pull/650 2024-08-03
URL Date SRC
URL Date SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE 2024-01-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D 2024-01-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ 2024-01-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR 2024-01-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS 2024-01-21
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6 2024-01-21
https://security.gentoo.org/glsa/202210-38 2024-01-21
https://www.debian.org/security/2022/dsa-5266 2024-01-21
https://access.redhat.com/security/cve/CVE-2022-43680 2024-01-25
https://bugzilla.redhat.com/show_bug.cgi?id=2140059 2024-01-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netapp
Search vendor "Netapp"
 H300s Firmware
Search vendor "Netapp" for product "H300s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 H300s
Search vendor "Netapp" for product "H300s"
--
Safe
Netapp
Search vendor "Netapp"
 H500s Firmware
Search vendor "Netapp" for product "H500s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 H500s
Search vendor "Netapp" for product "H500s"
--
Safe
Netapp
Search vendor "Netapp"
 H700s Firmware
Search vendor "Netapp" for product "H700s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 H700s
Search vendor "Netapp" for product "H700s"
--
Safe
Netapp
Search vendor "Netapp"
 H410s Firmware
Search vendor "Netapp" for product "H410s Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 H410s
Search vendor "Netapp" for product "H410s"
--
Safe
Netapp
Search vendor "Netapp"
 H410c Firmware
Search vendor "Netapp" for product "H410c Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 H410c
Search vendor "Netapp" for product "H410c"
--
Safe
Netapp
Search vendor "Netapp"
 Hci Compute Node Firmware
Search vendor "Netapp" for product "Hci Compute Node Firmware"
--
Affected
in Netapp
Search vendor "Netapp"
 Hci Compute Node
Search vendor "Netapp" for product "Hci Compute Node"
--
Safe
Libexpat Project
Search vendor "Libexpat Project"
 Libexpat
Search vendor "Libexpat Project" for product "Libexpat"
 <= 2.4.9
Search vendor "Libexpat Project" for product "Libexpat" and version " <= 2.4.9"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 36
Search vendor "Fedoraproject" for product "Fedora" and version "36"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected
Netapp
Search vendor "Netapp"
 Active Iq Unified Manager
Search vendor "Netapp" for product "Active Iq Unified Manager"
-vmware_vsphere
Affected
Netapp
Search vendor "Netapp"
 Oncommand Workflow Automation
Search vendor "Netapp" for product "Oncommand Workflow Automation"
--
Affected
Netapp
Search vendor "Netapp"
 Solidfire \& Hci Management Node
Search vendor "Netapp" for product "Solidfire \& Hci Management Node"
--
Affected