CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

The problem occurs when processing XSLT stylesheets with long strings that exceed the maximum value of long. This can happen when parsing attributes or stylesheet parameters.

An attacker can exploit this issue to execute arbitrary code with the privileges of the libexpat process.

The updated packages were released on November 1, 2017.

Exim (CVE-2017-7529) has a heap-based buffer overflow in the parsing of the SMTP extensions.

An attacker can exploit this issue to execute arbitrary code with the privileges of the Exim process.

The updated packages were released on August 8, 2017.

In GnuPG 2.1 before 2.1.26 and 2.2 before 2.2.11, a buffer overflow in the parsing of X.509 certificates was discovered.
An attacker can exploit this issue to execute arbitrary code with the privileges of the GnuPG process.
The updated packages were released on August 8, 2017.

In glibc 2.17 before 2.17-r2, a buffer overflow in the parsing of X.509 certificates was discovered. An attacker can exploit this issue to execute arbitrary code with the privileges of the glibc process.
This issue does not affect Red Hat Enterprise Linux 6 or Red Hat Enterprise Linux 7. The updated packages were released on August 8, 2017.

In GnuPG 2.1 before 2.1.26 and 2.2 before 2.

Vulnerability in libtasn1

An attacker can exploit this issue to cause a denial of service (application crash) or possibly gain privileges.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe