PT-2022-1367 · Expat+12

Published 2022-02-18 · Updated 2026-04-01 · CVE-2022-25314

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Expat (aka libexpat) versions prior to 2.4.5

Description: The vulnerability is an integer overflow in the copyString function of the Expat library. A remote attacker could cause a denial of service by sending a specially crafted request. The vulnerability may also lead to memory corruption and potentially allow an attacker to execute arbitrary code on the system.

Recommendations: For versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the copyString function until a patch is available. Avoid using the Expat library to parse specially crafted files or data that could trigger the integer overflow in the copyString function.
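The description above names the weakness class (an integer overflow in a string-copy routine) without showing what the safe form looks like. The following is an added example written for this record; it is not Expat's copyString, and the names dup_string_checked, dup_cstring_checked and MAX_STRING_BYTES are hypothetical. It contrasts the classic pattern of storing a length in an int before allocating with a variant that validates the length arithmetic first, which is the defensive fix this class of bug calls for.

```c
/*
 * Added example, not Expat's code: a string-duplication helper that
 * checks its length arithmetic before allocating. The identifiers
 * dup_string_checked, dup_cstring_checked and MAX_STRING_BYTES are
 * hypothetical names chosen for this illustration.
 */
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Defensive cap on a single string's size. Keeping it below INT_MAX
 * also protects downstream code that still holds lengths in an int. */
#define MAX_STRING_BYTES ((size_t)INT_MAX - 1)

/*
 * Naive pattern, shown only for contrast (not compiled here):
 *
 *     int len = (int)strlen(s);      // truncates once strlen(s) > INT_MAX
 *     char *out = malloc(len + 1);   // undersized or wrapped allocation ...
 *     memcpy(out, s, strlen(s));     // ... then written with the real size
 *
 * The mismatch between the truncated allocation size and the true copy
 * size is what turns a length bug into memory corruption or a crash.
 */

/* Returns a NUL-terminated copy of the first `len` bytes of `s`, or NULL
 * when `len` is out of range. The check happens before `len + 1` is
 * computed, so neither the wrap-around nor an int conversion can occur. */
char *dup_string_checked(const char *s, size_t len)
{
    if (s == NULL)
        return NULL;
    if (len > MAX_STRING_BYTES)
        return NULL;                 /* refuse, rather than truncate */

    char *out = malloc(len + 1);     /* cannot overflow: len <= INT_MAX - 1 */
    if (out == NULL)
        return NULL;

    memcpy(out, s, len);             /* same `len` used for alloc and copy */
    out[len] = '\0';
    return out;
}

/* Convenience wrapper for NUL-terminated input. */
char *dup_cstring_checked(const char *s)
{
    return s ? dup_string_checked(s, strlen(s)) : NULL;
}
```

The important design point is that the same validated size_t value drives both the allocation and the copy, and anything outside the accepted range is rejected up front instead of being squeezed into a narrower type.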

Fix · DoS · Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2022:5244
ALSA-2022:5314
ALSA-2022:7811
ALT-PU-2022-1348
ALT-PU-2023-4107
ALT-PU-2023-4120
ALT-PU-2023-4144
ASB-A-221384482
AZL-8624
BDU:2022-01062
CESA-2022_5314
CESA-2022_7811
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2022-25314
DSA-5085-1
MGASA-2022-0081
OESA-2022-1554
OESA-2022-2057
OPENSUSE-SU-2022:0713-1
OPENSUSE-SU-2022_0713-1
OPENSUSE-SU-2022_2294-1
OPENSUSE-SU-2024:11866-1
RHSA-2022:5244
RHSA-2022:5314
RHSA-2022:7811
RHSA-2022_5244
RHSA-2022_5314
RHSA-2022_7811
RLSA-2022:5314
SUSE-SU-2022:0698-1
SUSE-SU-2022:0713-1
SUSE-SU-2022:14903-1
SUSE-SU-2022:2294-1
SUSE-SU-2022_14903-1
USN-5320-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu