CVE-2022-22826 HIGH

Published: 2022-01-10 | Last Modified: 2025-05-05 | Status: Modified

Description

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Additional Descriptions (1)

la función nextScaffoldPart en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros

CVSS Metrics

Base Score: 8.8 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 5.9

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-190

Affected Products

Vendor	Product	Version	Update	Type
libexpat_project	libexpat	*	<built-in method update of dict object at 0x72a9994a9980>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a9cce74dc0>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a9b0d8c700>	Application
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a9ccf008c0>	Operating System
debian	debian_linux	11.0	<built-in method update of dict object at 0x72a9994a8200>	Operating System
siemens	sinema_remote_connect_server	*	<built-in method update of dict object at 0x72a9994aa040>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:libexpat_project:libexpat::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:tenable:nessus::::::::`
Yes	`cpe:2.3:a:tenable:nessus::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:11.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:siemens:sinema_remote_connect_server::::::::`

References

http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: [email protected]

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: [email protected]

Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: [email protected]

Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: [email protected]

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: [email protected]

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: [email protected]

Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory