VYPR

rpm package

suse/expat&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (17)

  • CVE-2022-25314Feb 18, 2022
    affected < 2.1.0-21.18.1fixed 2.1.0-21.18.1

    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

  • CVE-2022-25315Feb 18, 2022
    affected < 2.1.0-21.18.1fixed 2.1.0-21.18.1

    In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

  • CVE-2022-25313Feb 18, 2022
    affected < 2.1.0-21.18.1fixed 2.1.0-21.18.1

    In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

  • CVE-2022-25235Feb 16, 2022
    affected < 2.1.0-21.18.1fixed 2.1.0-21.18.1

    xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

  • CVE-2022-25236Feb 16, 2022
    affected < 2.1.0-21.18.1fixed 2.1.0-21.18.1

    xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

  • CVE-2022-23990Jan 26, 2022
    affected < 2.1.0-21.15.1fixed 2.1.0-21.15.1

    Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

  • CVE-2022-23852Jan 24, 2022
    affected < 2.1.0-21.15.1fixed 2.1.0-21.15.1

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

  • CVE-2022-22822Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22823Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22824Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22825Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22826Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22827Jan 8, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2021-46143Jan 6, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

  • CVE-2021-45960Jan 1, 2022
    affected < 2.1.0-21.12.1fixed 2.1.0-21.12.1

    In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

  • CVE-2016-9063Jun 11, 2018
    affected < 2.1.0-21.3.1fixed 2.1.0-21.3.1

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

  • CVE-2017-9233HigJul 25, 2017
    affected < 2.1.0-21.3.1fixed 2.1.0-21.3.1

    XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.