CVE-2022-22824 CRITICAL

Published: 2022-01-10 | Last Modified: 2025-05-05 | Status: Modified

Description

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Additional Descriptions (1)

la función defineAttribute en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-190

Affected Products

Vendor	Product	Version	Update	Type
libexpat_project	libexpat	*	<built-in method update of dict object at 0x72a9cd0bcd80>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a961ec3800>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a961ec2500>	Application
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a961ec1b80>	Operating System
debian	debian_linux	11.0	<built-in method update of dict object at 0x72a9cd0bd1c0>	Operating System
siemens	sinema_remote_connect_server	*	<built-in method update of dict object at 0x72a9cd0be1c0>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:libexpat_project:libexpat::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:tenable:nessus::::::::`
Yes	`cpe:2.3:a:tenable:nessus::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:11.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:siemens:sinema_remote_connect_server::::::::`

References

http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: [email protected]

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: [email protected]

Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: [email protected]

Patch Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: [email protected]

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: [email protected]

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: [email protected]

Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory