Lucene search

K
cloudlinuxCloudLinuxCLSA-2022:1660762248
HistoryAug 17, 2022 - 6:50 p.m.

Fixed 13 CVEs in expat

2022-08-1718:50:48
repo.cloudlinux.com
56

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.8%

  • CVE-2022-25236: Fix insertion of namespace-separator characters into
    namespace URIs
  • CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to
    arbitrary code execution
  • CVE-2022-25315: Fix integer overflow in storeRawNames()
  • CVE-2022-22822: Fix integer overflow in addBinding()
  • CVE-2022-22823: Fix integer overflow in build_model()
  • CVE-2022-22824: Fix integer overflow in defineAttribute()
  • CVE-2022-22825: Fix integer overflow in lookup()
  • CVE-2022-22826: Fix integer overflow in nextScaffoldPart()
  • CVE-2022-22827: Fix integer overflow in storeAtts()
  • CVE-2022-23852: Fix integer overflow in XML_GetBuffer()
  • CVE-2021-46143: Fix integer overflow on m_groupSize in doProlog()
  • CVE-2021-45960: Fix troublesome left shifts in storeAtts()
  • CVE-2022-23990: Fix integer overflow in doProlog()

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.8%

Related for CLSA-2022:1660762248