Red Hat Security Advisory: expat security update
🔗 CVE IDs covered (12)
📋 Description
CVE-2021-45960 — expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-46143 — expat: Integer overflow in doProlog in xmlparse.c CVE-2022-22822 — expat: Integer overflow in addBinding in xmlparse.c CVE-2022-22823 — expat: Integer overflow in build_model in xmlparse.c CVE-2022-22824 — expat: Integer overflow in defineAttribute in xmlparse.c CVE-2022-22825 — expat: Integer overflow in lookup in xmlparse.c CVE-2022-22826 — expat: Integer overflow in nextScaffoldPart in xmlparse.c CVE-2022-22827 — expat: Integer overflow in storeAtts in xmlparse.c CVE-2022-23852 — expat: Integer overflow in function XML_GetBuffer CVE-2022-25235 — expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25236 — expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution CVE-2022-25315 — expat: Integer overflow in storeRawNames()
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2022:1069
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044467
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044484
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044488
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044613
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056366
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056370
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1069.json