CVE-2022-22827 HIGH

Published: 2022-01-10 | Last Modified: 2025-05-05 | Status: Modified

Description

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Additional Descriptions (1)

la función storeAtts en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros

CVSS Metrics

Base Score: 8.8 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 5.9

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	MEDIUM
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-190

Affected Products

Vendor	Product	Version	Update	Type
libexpat_project	libexpat	*	<built-in method update of dict object at 0x72a961ec8940>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a961ecb540>	Application
tenable	nessus	*	<built-in method update of dict object at 0x72a9b0a6f200>	Application
debian	debian_linux	10.0	<built-in method update of dict object at 0x72a963c6bcc0>	Operating System
debian	debian_linux	11.0	<built-in method update of dict object at 0x72a961ecab40>	Operating System
siemens	sinema_remote_connect_server	*	<built-in method update of dict object at 0x72a99977bd80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:libexpat_project:libexpat::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:tenable:nessus::::::::`
Yes	`cpe:2.3:a:tenable:nessus::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:10.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:11.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:siemens:sinema_remote_connect_server::::::::`

References

http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: [email protected]

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: [email protected]

Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: [email protected]

Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: [email protected]

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: [email protected]

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: [email protected]

Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/3
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://github.com/libexpat/libexpat/pull/539
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.debian.org/security/2022/dsa-5073
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory