rpm package
suse/expat&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43680 | — | < 2.4.4-150400.3.12.1 | 2.4.4-150400.3.12.1 | Oct 24, 2022 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||
| CVE-2022-40674 | — | < 2.4.4-150400.3.9.1 | 2.4.4-150400.3.9.1 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | ||
| CVE-2022-25314 | — | < 2.4.4-150400.3.6.9 | 2.4.4-150400.3.6.9 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||
| CVE-2022-25315 | — | < 2.4.4-150400.3.6.9 | 2.4.4-150400.3.6.9 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||
| CVE-2022-25313 | — | < 2.4.4-150400.3.6.9 | 2.4.4-150400.3.6.9 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | ||
| CVE-2022-25235 | — | < 2.4.4-150400.3.6.9 | 2.4.4-150400.3.6.9 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||
| CVE-2022-25236 | — | < 2.4.4-150400.3.6.9 | 2.4.4-150400.3.6.9 | Feb 16, 2022 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
- CVE-2022-43680Oct 24, 2022affected < 2.4.4-150400.3.12.1fixed 2.4.4-150400.3.12.1
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-40674Sep 14, 2022affected < 2.4.4-150400.3.9.1fixed 2.4.4-150400.3.9.1
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
- CVE-2022-25314Feb 18, 2022affected < 2.4.4-150400.3.6.9fixed 2.4.4-150400.3.6.9
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
- CVE-2022-25315Feb 18, 2022affected < 2.4.4-150400.3.6.9fixed 2.4.4-150400.3.6.9
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- CVE-2022-25313Feb 18, 2022affected < 2.4.4-150400.3.6.9fixed 2.4.4-150400.3.6.9
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
- CVE-2022-25235Feb 16, 2022affected < 2.4.4-150400.3.6.9fixed 2.4.4-150400.3.6.9
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-25236Feb 16, 2022affected < 2.4.4-150400.3.6.9fixed 2.4.4-150400.3.6.9
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.