rpm package
almalinux/expat
pkg:rpm/almalinux/expat
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-22824 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |
| CVE-2022-22823 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |
| CVE-2022-22822 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |
| CVE-2021-46143 | Hig | 8.1 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 6, 2022 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | |
| CVE-2021-45960 | Hig | 8.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 1, 2022 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Page 2 of 2