Lucene search

K
osvGoogleOSV:ASB-A-255449293
HistoryFeb 01, 2023 - 12:00 a.m.

Vulnerability: Package libexpat affected by CVE-2022-43680 affecting GitOnBorg::android::platform::external::expat

2023-02-0100:00:00
Google
osv.dev
13
vulnerability
libexpat
cve-2022-43680
remote code execution
xmlparse.c
use after free
exploitation

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.004

Percentile

74.1%

In parserCreate of xmlparse.c, there is a possible use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.004

Percentile

74.1%