rpm package
almalinux/expat-devel
pkg:rpm/almalinux/expat-devel
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22825 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22826 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22827 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2021-46143 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 6, 2022 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | ||
| CVE-2021-45960 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 1, 2022 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
- CVE-2022-22825Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22826Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22827Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2021-46143Jan 6, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
- CVE-2021-45960Jan 1, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Page 2 of 2