Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )

Summary

libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-22823
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216907 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22827
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216901 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22822
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216908 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22826
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216904 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22824
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216906 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-22825
**DESCRIPTION:**Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216905 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

Apply a fix pack as listed in the table below. The fix pack includes Expat 2.4.6**.**

Affected Versions

|

Applying the fix

—|—
9.1 through 9.1.0.3| Install Rational ClearCase Fix Pack 3 (9.1.0.3) for 9.1
9.0.2 through 9.0.2.6| Install Rational ClearCase Fix Pack 6 (9.0.2.6) for 9.0.2

9.0.1 through 9.0.1.14
9.0 through 9.0.0.6

| Install Rational ClearCase Fix Pack 14 (9.0.1.14) for 9.0.1

For 8.0.X and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None