PT-2022-1362 · Expat+12 · Expat+12
Published
2022-01-08
·
Updated
2026-04-01
·
CVE-2022-22822
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Expat (aka libexpat) versions prior to 2.4.3
Description
The issue is related to an integer overflow in the
addBinding() function of the Expat library. This could allow a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially-crafted file. Additionally, there is a possible out of bounds write due to a missing bounds check in the storeAtts function, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Recommendations
For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider disabling the
addBinding() function until a patch is available. Restrict access to the xmlparse.c module to minimize the risk of exploitation. Avoid using the storeAtts function in the affected API endpoint until the issue is resolved.Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu