PT-2022-1765 · Expat+12 · Expat+12

Published

2022-02-18

·

Updated

2026-04-01

·

CVE-2022-25313

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Expat (aka libexpat) versions prior to 2.4.5
Description The issue is related to a stack exhaustion vulnerability in the build model function of the Expat library, caused by a large nesting depth in the DTD element. This can allow a remote attacker to execute arbitrary code on the system. The vulnerability is also associated with an integer overflow in addBinding in xmlparse.c, which can be exploited by persuading a victim to open a specially-crafted file.
Recommendations For Expat (aka libexpat) versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the build model function to minimize the risk of exploitation. Additionally, avoid using specially-crafted files that could trigger the integer overflow in addBinding until the issue is resolved.

Fix

Stack Overflow

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-674

Related Identifiers

ALSA-2022:5244
ALSA-2022:5314
ALSA-2022:7811
ALT-PU-2022-1348
ALT-PU-2023-4107
ALT-PU-2023-4120
ALT-PU-2023-4144
AZL-8623
BDU:2022-01064
CESA-2022_5314
CESA-2022_7811
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2022-25313
DLA-2935-1
DSA-5085-1
MGASA-2022-0081
OESA-2022-1554
OESA-2022-2057
OPENSUSE-SU-2022:0713-1
OPENSUSE-SU-2022_0713-1
OPENSUSE-SU-2022_2294-1
OPENSUSE-SU-2024:11866-1
RHSA-2022:5244
RHSA-2022:5314
RHSA-2022:7811
RHSA-2022_5244
RHSA-2022_5314
RHSA-2022_7811
RLSA-2022:5314
SUSE-SU-2022:0698-1
SUSE-SU-2022:0713-1
SUSE-SU-2022:14903-1
SUSE-SU-2022:2294-1
SUSE-SU-2022_14903-1
USN-5320-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu