rpm package
suse/expat&distro=SUSE Linux Enterprise Real Time 15 SP2
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25314 | — | < 2.2.5-3.15.1 | 2.2.5-3.15.1 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||
| CVE-2022-25315 | — | < 2.2.5-3.15.1 | 2.2.5-3.15.1 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||
| CVE-2022-25313 | — | < 2.2.5-3.15.1 | 2.2.5-3.15.1 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | ||
| CVE-2022-25235 | — | < 2.2.5-3.15.1 | 2.2.5-3.15.1 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||
| CVE-2022-25236 | — | < 2.2.5-3.15.1 | 2.2.5-3.15.1 | Feb 16, 2022 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | ||
| CVE-2022-23990 | — | < 2.2.5-3.12.1 | 2.2.5-3.12.1 | Jan 26, 2022 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | ||
| CVE-2022-23852 | — | < 2.2.5-3.12.1 | 2.2.5-3.12.1 | Jan 24, 2022 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
- CVE-2022-25314Feb 18, 2022affected < 2.2.5-3.15.1fixed 2.2.5-3.15.1
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
- CVE-2022-25315Feb 18, 2022affected < 2.2.5-3.15.1fixed 2.2.5-3.15.1
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- CVE-2022-25313Feb 18, 2022affected < 2.2.5-3.15.1fixed 2.2.5-3.15.1
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
- CVE-2022-25235Feb 16, 2022affected < 2.2.5-3.15.1fixed 2.2.5-3.15.1
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-25236Feb 16, 2022affected < 2.2.5-3.15.1fixed 2.2.5-3.15.1
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
- CVE-2022-23990Jan 26, 2022affected < 2.2.5-3.12.1fixed 2.2.5-3.12.1
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
- CVE-2022-23852Jan 24, 2022affected < 2.2.5-3.12.1fixed 2.2.5-3.12.1
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.