CVE-2022-22827

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Expat (aka libexpat) versions prior to 2.4.3

Description The issue is related to an integer overflow in the storeAtts function in xmlparse.c of the Expat library. This could allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the storeAtts function in xmlparse.c until a patch is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2022:0951

ALSA-2022:7692

ALT-PU-2022-1072

ALT-PU-2022-1130

ALT-PU-2022-1176

ALT-PU-2023-4107

AZL-7161

BDU:2022-01058

CESA-2022_0951

CESA-2022_1069

CESA-2022_7692

CLEANSTART-2026-EM10970

CLEANSTART-2026-MH09144

CLEANSTART-2026-YT18139

CVE-2022-22827

DLA-2904-1

DSA-5073-1

MGASA-2022-0031

OESA-2022-1490

OESA-2023-1464

OESA-2023-1465

OPENSUSE-SU-2022:0178-1

OPENSUSE-SU-2022_0178-1

OPENSUSE-SU-2024:11762-1

RHSA-2022:0951

RHSA-2022:1069

RHSA-2022:7692

RHSA-2022_0951

RHSA-2022_1069

RHSA-2022_7692

RLSA-2022:0951

RLSA-2022:7692

SUSE-SU-2022:0178-1

SUSE-SU-2022:0179-1

SUSE-SU-2022:14878-1

USN-5288-1

USN-5455-1

USN-7199-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Expat

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2022-22827

Weakness Enumeration

Related Identifiers

Affected Products

References · 219