lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314]
[2.2.5-8.3]
Ensure raw tagnames are safe exiting internalEntityParser
Resolves: CVE-2022-40674

OSVersionArchitecturePackageVersionFilename
oracle linux8srcexpat< 2.2.5-8.0.1.el8_6.3expat-2.2.5-8.0.1.el8_6.3.src.rpm
oracle linux8aarch64expat< 2.2.5-8.0.1.el8_6.3expat-2.2.5-8.0.1.el8_6.3.aarch64.rpm
oracle linux8aarch64expat-devel< 2.2.5-8.0.1.el8_6.3expat-devel-2.2.5-8.0.1.el8_6.3.aarch64.rpm
oracle linux8srcexpat< 2.2.5-8.0.1.el8_6.3expat-2.2.5-8.0.1.el8_6.3.src.rpm
oracle linux8i686expat< 2.2.5-8.0.1.el8_6.3expat-2.2.5-8.0.1.el8_6.3.i686.rpm
oracle linux8x86_64expat< 2.2.5-8.0.1.el8_6.3expat-2.2.5-8.0.1.el8_6.3.x86_64.rpm
oracle linux8i686expat-devel< 2.2.5-8.0.1.el8_6.3expat-devel-2.2.5-8.0.1.el8_6.3.i686.rpm
oracle linux8x86_64expat-devel< 2.2.5-8.0.1.el8_6.3expat-devel-2.2.5-8.0.1.el8_6.3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	8	src	expat	< 2.2.5-8.0.1.el8_6.3	expat-2.2.5-8.0.1.el8_6.3.src.rpm
oracle linux	8	aarch64	expat	< 2.2.5-8.0.1.el8_6.3	expat-2.2.5-8.0.1.el8_6.3.aarch64.rpm
oracle linux	8	aarch64	expat-devel	< 2.2.5-8.0.1.el8_6.3	expat-devel-2.2.5-8.0.1.el8_6.3.aarch64.rpm
oracle linux	8	src	expat	< 2.2.5-8.0.1.el8_6.3	expat-2.2.5-8.0.1.el8_6.3.src.rpm
oracle linux	8	i686	expat	< 2.2.5-8.0.1.el8_6.3	expat-2.2.5-8.0.1.el8_6.3.i686.rpm
oracle linux	8	x86_64	expat	< 2.2.5-8.0.1.el8_6.3	expat-2.2.5-8.0.1.el8_6.3.x86_64.rpm
oracle linux	8	i686	expat-devel	< 2.2.5-8.0.1.el8_6.3	expat-devel-2.2.5-8.0.1.el8_6.3.i686.rpm
oracle linux	8	x86_64	expat-devel	< 2.2.5-8.0.1.el8_6.3	expat-devel-2.2.5-8.0.1.el8_6.3.x86_64.rpm

nessus 77

redhat 21

osv 15

cbl_mariner 2

f5 1

photon 1

redhatcve 1

openvas 23

oraclelinux 10

ibm 9

almalinux 7

amazon 2

mageia 3

cve 1

suse 2

rocky 3

debian 2

fedora 2

rosalinux 2

ubuntu 1

veracode 1

prion 1

freebsd 1

cloudlinux 1

alpinelinux 1

debiancve 1

slackware 2

cgr 1

ubuntucve 1

githubexploit 2

wolfi 1

centos 1

nessus

EulerOS Virtualization 2.9.1 : expat (EulerOS-SA-2023-1190)

2023-01-11 00:00:00

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current expat Vulnerability (SSA:2022-263-01)

2022-09-20 00:00:00

Fedora 35 : expat (2022-c68d90efc3)

2022-12-23 00:00:00

redhat

(RHSA-2022:6967) Important: compat-expat1 security update

2022-10-17 08:01:11

(RHSA-2022:6834) Important: expat security update

2022-10-06 12:04:09

(RHSA-2022:6831) Important: expat security update

2022-10-06 12:03:25

osv

expat vulnerability

2022-09-26 14:19:17

Important: thunderbird security update

2022-10-18 17:40:48

expat - security update

2022-09-22 00:00:00

cbl_mariner

CVE-2022-40674 affecting package expat 2.4.8-1

2022-09-23 18:23:13

CVE-2022-40674 affecting package expat 2.4.6-1

2022-10-04 07:51:28

K44454157 : Expat vulnerability CVE-2022-40674

2022-10-31 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0249

2022-09-21 00:00:00

redhatcve

CVE-2022-40674

2022-09-29 05:18:54

openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2762)

2022-11-14 00:00:00

Fedora: Security Advisory for expat (FEDORA-2022-15ec504440)

2022-10-08 00:00:00

Mageia: Security Advisory (MGASA-2022-0399)

2022-10-28 00:00:00

oraclelinux

expat security update

2022-10-29 00:00:00

thunderbird security update

2022-10-26 00:00:00

expat security update

2022-10-06 00:00:00

ibm

Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution [CVE-2022-40674]

2022-12-30 17:31:59

Security Bulletin: Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]

2023-01-16 16:43:37

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2022-40674]

2022-11-24 05:04:25

almalinux

Important: expat security update

2022-10-06 00:00:00

Important: firefox security update

2022-10-18 00:00:00

Important: thunderbird security update

2022-10-18 00:00:00

amazon

Important: expat

2022-10-31 19:40:00

Important: expat

2022-12-01 17:34:00

mageia

Updated expat packages fix security vulnerability

2022-10-01 20:48:24

Updated thunderbird packages fix security vulnerability

2022-10-28 09:54:08

Updated firefox packages fix security vulnerability

2022-10-28 09:54:08

cve

CVE-2022-40674

2022-09-14 11:15:00

suse

Security update for expat (important)

2022-10-01 00:00:00

Security update for expat (important)

2022-10-17 00:00:00

rocky

expat security update

2022-10-06 14:37:41

firefox security update

2022-10-18 17:41:04

expat security update

2022-10-11 12:38:26

debian

[SECURITY] [DSA 5236-1] expat security update

2022-09-22 20:17:33

[SECURITY] [DLA 3119-1] expat security update

2022-09-25 07:05:40

fedora

[SECURITY] Fedora 35 Update: expat-2.4.9-1.fc35

2022-10-14 12:58:55

[SECURITY] Fedora 36 Update: expat-2.4.9-1.fc36

2022-10-07 15:56:55

rosalinux

Advisory ROSA-SA-2023-2166

2023-06-20 09:12:17

Advisory ROSA-SA-2023-2168

2023-06-20 09:22:31

ubuntu

Expat vulnerability

2022-09-26 00:00:00

veracode

Use-After-Free

2022-09-15 08:37:15

prion

Design/Logic Flaw

2022-09-14 11:15:00

freebsd

expat -- Heap use-after-free vulnerability

2022-09-14 00:00:00

cloudlinux

Fixed CVE-2022-40674 in expat

2022-09-26 11:53:23

alpinelinux

CVE-2022-40674

2022-09-14 11:15:00

debiancve

CVE-2022-40674

2022-09-14 11:15:00

slackware

[slackware-security] expat

2022-09-20 22:58:31

[slackware-security] python3

2022-10-14 01:46:13

cgr

CVE-2022-40674 vulnerabilities

2024-02-06 23:19:33

ubuntucve

CVE-2022-40674

2022-09-14 00:00:00

githubexploit

Exploit for Use After Free in Libexpat Project Libexpat

2022-10-19 11:15:29

Exploit for Use After Free in Libexpat Project Libexpat

2022-10-19 11:15:29

wolfi

CVE-2022-40674 vulnerabilities

2024-02-07 01:47:52

centos

expat security update

2022-10-26 14:19:51

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Related for ELSA-2022-6878