163 matches found
expat security update
2.1.0-14.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910302 2.1.0-14 - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns:prefix' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8...
expat: Integer overflow in defineAttribute in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
Oracle Linux 8 : expat (ELSA-2022-0951)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0951 advisory. - Improve fix for CVE-2022-25236 - Related: CVE-2022-25236 - Resolves: CVE-2022-25236 - Resolves: CVE-2022-25235 - Resolves: CVE-2022-25315 -...
expat: Integer overflow in addBinding in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...
expat: Integer overflow in defineAttribute in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
expat: Integer overflow in defineAttribute in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
expat: Integer overflow in build_model in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
Amazon Linux 2 : expat (ALAS-2022-1764)
The version of expat installed on the remote host is prior to 2.1.0-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1764 advisory. A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML...
Amazon Linux AMI : expat (ALAS-2022-1573)
The version of expat installed on the remote host is prior to 2.1.0-12.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1573 advisory. A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML...
SUSE SLES12 Security Update : expat (SUSE-SU-2022:0698-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0698-1 advisory. - xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 characte...
Denial Of Service (DoS)
libexpat.so is vulnerable to denial of service. An attacker can trigger stack exhaustion in the buildmodel function of xmlparse.c via a large nesting depth in the DTD element, leading to an application crash...
Denial Of Service (DoS)
libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the copyString function of xmlparse.c as it is only used for encoding strings supplied by the library user, allowing an attacker to cause an application crash...
Privilege Escalation
libexpat.so is vulnerable to privilege escalation. The vulnerability exists in the namespace-separator Character Handler in the xmlparse.c allowing an unauthorized user to access the system account...
DEBIAN-CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
PT-2022-1766
Name of the Vulnerable Software and Affected Versions Expat aka libexpat versions prior to 2.4.5 Description The issue is related to insufficient input validation in the xmlparse.c component of the Expat library, allowing attackers to insert namespace-separator characters into namespace URIs. Thi...
Integer Overflow
libexpat.so is vulnerable to integer overflow. The vulnerability exists in the doProlog function in the xmlparse.c file, allowing an attacker to cause an application crash...