CVE-2022-22822 CRITICAL

Published: 2022-01-10 | Last Modified: 2025-05-05 | Status: Modified

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Additional Descriptions (1)

la función addBinding en el archivo xmlparse.c en Expat (también se conoce como libexpat) antes de 2.4.3 presenta un desbordamiento de enteros

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

AV:N/AC:L/Au:N/C:P/I:P/A:P

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Source	Type	Description
[email protected]	Primary	en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-190

Vendor	Product	Version	Update	Type
libexpat_project	libexpat	*	<built-in method update of dict object at 0x72a99977bc40>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a99977b200>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a963c6bb40>	Application
siemens	sinema_remote_connect_server	*	<built-in method update of dict object at 0x72a9cc76c440>	Application
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a99977a780>	Operating System
debian	debian_linux	11.0	<built-in method update of dict object at 0x72a999778180>	Operating System

Vulnerable	CPE
Yes	`cpe:2.3:a:libexpat_project:libexpat::::::::`

Vulnerable	CPE
Yes	`cpe:2.3:a:tenable:nessus::::::::`
Yes	`cpe:2.3:a:tenable:nessus::::::::`

Vulnerable	CPE
Yes	`cpe:2.3:a:siemens:sinema_remote_connect_server::::::::`

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:11.0:::::::*`