[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2022:1069 -- expat

ID: oval:org.secpod.oval:def:78540Date: (C)2022-04-04   (M)2024-04-25
Class: PATCHFamily: unix




Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawNames * expat: Large number of prefixed XML attributes on a single tag can crash libexpat * expat: Integer overflow in doProlog in xmlparse.c * expat: Integer overflow in addBinding in xmlparse.c * expat: Integer overflow in build_model in xmlparse.c * expat: Integer overflow in defineAttribute in xmlparse.c * expat: Integer overflow in lookup in xmlparse.c * expat: Integer overflow in nextScaffoldPart in xmlparse.c * expat: Integer overflow in storeAtts in xmlparse.c * expat: Integer overflow in function XML_GetBuffer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Platform:
CentOS 7
Product:
expat
Reference:
CESA-2022:1069
CVE-2021-45960
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23852
CVE-2022-25235
CVE-2022-25236
CVE-2022-25315
CVE    12
CVE-2021-45960
CVE-2021-46143
CVE-2022-22824
CVE-2022-22825
...

© SecPod Technologies