CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

On systems where large integers are used this can result in a denial of service. Unfortunately no fix has been published yet.

This issue was reported by Julien Vary. Thanks to Julien Vary for reporting this issue. This issue has been fixed in the upstream libexpat. On systems where large integers are used this can result in a denial of service. Unfortunately no fix has been published yet.This issue was reported by Julien Vary. Thanks to Julien Vary for reporting this issue. libexpat before 2.4.3 did not sufficiently sanitize user-provided input before passing it to XmlNode. This can result in a denial of service when a malicious user supplies a crafted XmlNode with a large integer value as the node data. This issue has been fixed in the upstream libexpat. For the oldstable distribution (jessie), this problem has been fixed in version 2.4.2-2+deb8u2. For the stable distribution (stretch), this problem has been fixed in version 2.5.2-1. libexpat before 2.4.3 did not sufficiently sanitize user-provided input before passing it to XmlNode. This can result in a denial of service when a malicious user supplies a crafted XmlNode with a large integer value as the node data. This issue has been fixed in the upstream libexpat. For the oldstable distribution (jessie),

CVE-2019-6238

The issue was fixed in the upstream libexpat.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe