Download
| Alert*
oval:org.secpod.oval:def:78381
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:605886 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. oval:org.secpod.oval:def:1506049 [2.1.0-15.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-15] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 oval:org.secpod.oval:def:89045983 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:89047489 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:1506349 [2.2.5-10.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-10.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 oval:org.secpod.oval:def:1601844 Expat before 2.4.4 has an integer overflow in the doProlog function oval:org.secpod.oval:def:121629 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1701810 Expat before 2.4.4 has an integer overflow in the doProlog function. A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service oval:org.secpod.oval:def:1506059 [2.2.5-8.0.1.3] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.3] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 oval:org.secpod.oval:def:121637 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1505503 [2.2.5-4.0.1.3] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] oval:org.secpod.oval:def:1505803 [2.2.5-8.0.1.2] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-8.2] - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 [2.2.5-8.1] - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313 oval:org.secpod.oval:def:1505508 [2.1.0-12.0.1] - lib: Prevent integer overflow on groupSize [CVE-2021-46143][Orabug: 33910302] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] oval:org.secpod.oval:def:89046084 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:89046041 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:2500847 Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. oval:org.secpod.oval:def:19500049 In Expat before 2.4.3, a left shift by 29 places in the storeAtts function in xmlparse.c can lead to realloc misbehavior . In doProlog in xmlparse.c in Expat before 2.4.3, an integer overflow exists for m_groupSize. addBinding in xmlparse.c in Expat before 2.4.3 has an integer overflow. build_mo ... oval:org.secpod.oval:def:78417 expat: XML parsing C library Several security issues were fixed in Expat. oval:org.secpod.oval:def:86653 The host is missing a patch containing a security fixes, which affects the following package(s): Python oval:org.secpod.oval:def:1505518 [2.1.0-14.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910302] [2.1.0-14] - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte ... oval:org.secpod.oval:def:97671 [CLSA-2022:1660762248] Fixed 13 CVEs in expat oval:org.secpod.oval:def:2107539 Oracle Solaris 11 - ( CVE-2022-23852 ) oval:org.secpod.oval:def:706318 expat: XML parsing C library Several security issues were fixed in Expat. oval:org.secpod.oval:def:1507441 [2.2.5-11.0.1.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-11.1] - CVE-2023-52425 expat: parsing large tokens can trigger a denial of service - Resolves: RHEL-29321 |