CVE-2022-22823

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Expat versions prior to 2.4.3

Description The issue is related to an integer overflow in the build model function in xmlparse.c of the Expat library. This could allow a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially-crafted file. The exploitation of this issue may enable an attacker to run arbitrary code.

Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the build model function in xmlparse.c until a patch is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2022:0951

ALSA-2022:7692

ALT-PU-2022-1072

ALT-PU-2022-1130

ALT-PU-2022-1176

ALT-PU-2023-4107

AZL-7157

BDU:2022-01060

CESA-2022_0818

CESA-2022_0824

CESA-2022_0845

CESA-2022_0850

CESA-2022_0951

CESA-2022_1069

CESA-2022_7692

CLEANSTART-2026-EM10970

CLEANSTART-2026-MH09144

CLEANSTART-2026-YT18139

CVE-2022-22823

DLA-2904-1

DSA-5073-1

MGASA-2022-0031

OESA-2022-1490

OESA-2023-1454

OESA-2023-1455

OPENSUSE-SU-2022:0178-1

OPENSUSE-SU-2022_0178-1

OPENSUSE-SU-2024:11762-1

RHSA-2022:0818

RHSA-2022:0824

RHSA-2022:0845

RHSA-2022:0850

RHSA-2022:0951

RHSA-2022:1069

RHSA-2022:7692

RHSA-2022_0818

RHSA-2022_0824

RHSA-2022_0845

RHSA-2022_0850

RHSA-2022_0951

RHSA-2022_1069

RHSA-2022_7692

RLSA-2022:0951

RLSA-2022:7692

SUSE-SU-2022:0178-1

SUSE-SU-2022:0179-1

SUSE-SU-2022:14878-1

USN-5288-1

USN-5455-1

USN-7199-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Expat

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2022-22823

Weakness Enumeration

Related Identifiers

Affected Products

References · 218