Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-04545
HistoryJan 08, 2022 - 12:00 a.m.

Expat has an unspecified vulnerability

2022-01-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
expat
xml parser
vulnerability
versions prior to 2.4.3
memory operations

EPSS

0.001

Percentile

51.5%

Expat is a fast streaming XML parser written in C. Expat is vulnerable in versions prior to 2.4.3. The vulnerability stems from m_groupSize in Expat’s xmlparse.c that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to other memory locations associated with it. No detailed vulnerability details are currently available.