IM
IronMonkey Threat Research

CVE-2022-23990 HIGH

Published: 2022-01-26 | Last Modified: 2025-05-05 | Status: Modified

Description

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Additional Descriptions (1)

Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros en la función doProlog

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-190
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-190

Affected Products

Vendor Product Version Update Type
libexpat_project libexpat * <built-in method update of dict object at 0x72a9cd08f140> Application
tenable nessus * <built-in method update of dict object at 0x72a9cd08f8c0> Application
tenable nessus * <built-in method update of dict object at 0x72a99977b9c0> Application
oracle communications_metasolv_solution 6.3.1 <built-in method update of dict object at 0x72a963c692c0> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x72a9cd08eb00> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x72a9cd08d340> Operating System
fedoraproject fedora 34 <built-in method update of dict object at 0x72a963c68c80> Operating System
fedoraproject fedora 35 <built-in method update of dict object at 0x72a9cd08d640> Operating System
siemens sinema_remote_connect_server * <built-in method update of dict object at 0x72a9cd08eac0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

References

Notification
Message here