Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-04544
HistoryJan 14, 2022 - 12:00 a.m.

Expat storeAtt function buffer overflow vulnerability

2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
22
expat
buffer overflow
xml parser
vulnerability
remote attacker
arbitrary code
system security

EPSS

0.012

Percentile

85.6%

Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system.