IM
IronMonkey Threat Research

CVE-2022-43680 HIGH

Published: 2022-10-24 | Last Modified: 2025-05-30 | Status: Modified

Description

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Additional Descriptions (1)

En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucción excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-416

Affected Products

Vendor Product Version Update Type
libexpat_project libexpat * <built-in method update of dict object at 0x72a963c69640> Application
debian debian_linux 10.0 <built-in method update of dict object at 0x72a99977ae40> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x72a999778440> Operating System
fedoraproject fedora 35 <built-in method update of dict object at 0x72a963c6b700> Operating System
fedoraproject fedora 36 <built-in method update of dict object at 0x72a963c6aa00> Operating System
fedoraproject fedora 37 <built-in method update of dict object at 0x72a963c69240> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x72a99977a1c0> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x72a963c691c0> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x72a963c6b580> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x72a963c6a100> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x72a961ecafc0> Operating System
netapp active_iq_unified_manager - <built-in method update of dict object at 0x72a963c69f00> Application
netapp oncommand_workflow_automation - <built-in method update of dict object at 0x72a9b0cf9500> Application
netapp solidfire_\&_hci_management_node - <built-in method update of dict object at 0x72a999778400> Application
netapp hci_compute_node_firmware - <built-in method update of dict object at 0x72a961eca380> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

References

Notification
Message here