Critical: expat

🗓️ 22 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 8 Views

Expat before 2.4.4 has multiple integer overflows leading to vulnerabilities and code execution risks.

Reporter	Title	Published	Views	Family All 1976
IBM Security Bulletins	Security Bulletin: Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]	16 Jan 202316:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-25313	4 Nov 202217:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	30 Dec 202217:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to Expat vulnerabilities	11 Apr 202202:48	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)	4 Jul 202212:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities	14 Oct 202305:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library.	19 Jul 202208:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)	13 Dec 202205:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	30 Mar 202315:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.	16 May 202206:59	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	expat	2.5.0-1.amzn2023.0.2	expat-2.5.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	expat	2.5.0-1.amzn2023.0.2	expat-2.5.0-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	expat-debuginfo	2.5.0-1.amzn2023.0.2	expat-debuginfo-2.5.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	expat-debuginfo	2.5.0-1.amzn2023.0.2	expat-debuginfo-2.5.0-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	expat-debugsource	2.5.0-1.amzn2023.0.2	expat-debugsource-2.5.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	expat-debugsource	2.5.0-1.amzn2023.0.2	expat-debugsource-2.5.0-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	expat-devel	2.5.0-1.amzn2023.0.2	expat-devel-2.5.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	expat-devel	2.5.0-1.amzn2023.0.2	expat-devel-2.5.0-1.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	expat-static	2.5.0-1.amzn2023.0.2	expat-static-2.5.0-1.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	expat-static	2.5.0-1.amzn2023.0.2	expat-static-2.5.0-1.amzn2023.0.2.x86_64.rpm

22 Mar 2023 00:00Current

9High risk

Vulners AI Score9

CVSS 3.19.8

CVSS 29

EPSS0.11027

SSVC

expat vulnerabilities integer overflow memory misbehavior software flaw arbitrary code execution utf-8 issues.