Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-18358
HistoryJan 28, 2022 - 12:00 a.m.

Expat integer overflow vulnerability

2022-01-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
expat
integer overflow
xml
parser
vulnerability
remote attackers
arbitrary code
boundary error
untrusted input

EPSS

0.009

Percentile

83.4%

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists in versions of Expat prior to 2.4.4, which stems from a boundary error when processing untrusted input and can be exploited by remote attackers to execute arbitrary code on the system.