Lucene search

K
f5F5F5:K19473898
HistoryApr 30, 2022 - 12:00 a.m.

K19473898 : Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, and CVE-2022-25315

2022-04-3000:00:00
my.f5.com
72
expat
cve-2022-23852
cve-2022-25235
cve-2022-25236
cve-2022-25315
integer overflow
encoding validation
namespace insertion

AI Score

9.9

Confidence

High

EPSS

0.035

Percentile

91.6%

Security Advisory Description

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Impact

A remote attacker could send specially crafted XML which, when parsed by an application using the Expat library, would result in a buffer over-read and cause the application to stop responding.