Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-04542
HistoryJan 14, 2022 - 12:00 a.m.

Expat lookup function buffer overflow vulnerability

2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
expat
xml
buffer overflow
vulnerability
remote attacker
arbitrary code
system security

EPSS

0.013

Percentile

86.4%

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in lookup when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system.