CVE-2022-22825

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Expat (aka libexpat) versions prior to 2.4.3

Description The issue is related to an integer overflow in the lookup function of the xmlparse.c file in the Expat library. This can potentially allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the lookup function in the xmlparse.c file until a patch is available.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2022:0951

ALSA-2022:7692

ALT-PU-2022-1072

ALT-PU-2022-1130

ALT-PU-2022-1176

ALT-PU-2023-4107

AZL-7159

BDU:2022-00805

CESA-2022_0951

CESA-2022_1069

CESA-2022_7692

CLEANSTART-2026-EM10970

CLEANSTART-2026-MH09144

CLEANSTART-2026-YT18139

CVE-2022-22825

DLA-2904-1

DSA-5073-1

MGASA-2022-0031

OESA-2022-1490

OESA-2023-1464

OESA-2023-1465

OPENSUSE-SU-2022:0178-1

OPENSUSE-SU-2022_0178-1

OPENSUSE-SU-2024:11762-1

RHSA-2022:0951

RHSA-2022:1069

RHSA-2022:7692

RHSA-2022_0951

RHSA-2022_1069

RHSA-2022_7692

RLSA-2022:0951

RLSA-2022:7692

SUSE-SU-2022:0178-1

SUSE-SU-2022:0179-1

SUSE-SU-2022:14878-1

USN-5288-1

USN-5455-1

USN-7199-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Expat

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2022-22825

Weakness Enumeration

Related Identifiers

Affected Products

References · 216