expat: Integer overflow in storeAtts in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

CLSA-2022-1660757175 Fixed 15 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

In Expat (aka libexpat) before 2.4.3 a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g. allocating too few bytes or only freeing memory).

...

Shopify: Improper access check by Kit leads to controlling attributes of store & getting analytics by deleted Store member via dual messenger A/C

Hi, Disclaimer : - This report will be detected as a duplicate of a N/A marked report by me351154.The reason for self-close was i did not know if the scope in your policy only restricted to XSS,CSRF on kitcrm.com the domain. Issue : - A deleted store member can still use Kit via Facebook messenge...